This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 9%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELP%3C/text%3E%3C/svg%3E)
at risk and Risky sign ins being dismissed automatically. The only way to see these it to set the view to include dismissed. Audit log in Azure is not showing these user being dismissed. Is there a way reset how risks and risky users are dismissed or remediated. There are no risky sign in policies in place. Password write back is not enabled as we have a federated MFA and SSO service
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
You mention that you don't have any risky sign-in policies in place, but do you have any user risk policies in place? Sometimes these types of policies can assign automatic remediation.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 67%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Yes, this is likely the system automatically dismissing what it believes to be a false positive. You can validate this by checking the risk detail on the detection, it will be "Azure AD Identity Protection assessed sign-in safe"
What are the default policies that are in place for your environment?
All risk policies are off. Thanks
Yes, our system can automatically dismiss risky sign-ins when we deem them to be false positives. If this is the case, the risk detail will be "Azure AD Identity Protection assessed sign-in safe". Here's a screenshot of an example: 
this is what i see today, we have no MFA for this user ![156431-capture.jpg][1] [1]: /api/attachments/156431-capture.jpg?platform=QnA
anonymous user in that case it's being remediated because there was MFA, not dismissed. Are you sure that the user is not enabled for MFA?
we have a federated solution so to be honest I'm not sure. I will dig into that solution some more. Thanks for the help