Yes, our system can automatically dismiss risky sign-ins when we deem them to be false positives. If this is the case, the risk detail will be "Azure AD Identity Protection assessed sign-in safe". Here's a screenshot of an example:
at risk and Risky signins being dismissed automatically
at risk and Risky sign ins being dismissed automatically. The only way to see these is to set the view to include dismissed. Audit log in Azure is not showing these users being dismissed. Is there a way to reset how risks and risky users are dismissed or remediated? There are no risky sign-in policies in place. Password write back is not enabled as we have a federated MFA and SSO service.
3 answers
Lord,Paul 6 Reputation points
2021-12-09T21:25:37.167+00:00
This is what I see today, we have no MFA for this user.
![156431-capture.jpg][1]

[1]: /api/attachments/156431-capture.jpg?platform=QnA
Sarah Handler 6 Reputation points
2021-12-09T21:39:37.34+00:00
anonymous user, in that case it's being remediated because there was MFA, not dismissed. Are you sure that the user is not enabled for MFA?
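
An added example, not part of the thread and not Microsoft's code: a Python triage of exported sign-in records that separates sign-ins dismissed automatically from those remediated by MFA, the distinction drawn in the replies above. The records are constructed; the field and enum names follow the Microsoft Graph `signIn` resource, and treating `aiConfirmedSigninSafe` as the value behind the portal text "Azure AD Identity Protection assessed sign-in safe" is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like Microsoft Graph signIn records
# (only the fields used below). Not real tenant data.
SAMPLE = json.loads("""[
  {"id": "s1", "userPrincipalName": "alice@example.com",
   "riskState": "dismissed", "riskDetail": "aiConfirmedSigninSafe"},
  {"id": "s2", "userPrincipalName": "bob@example.com",
   "riskState": "remediated", "riskDetail": "userPassedMFADrivenByRiskBasedPolicy"},
  {"id": "s3", "userPrincipalName": "bob@example.com",
   "riskState": "atRisk", "riskDetail": "none"},
  {"id": "s4", "userPrincipalName": "carol@example.com",
   "riskState": "dismissed", "riskDetail": "adminDismissedAllRiskForUser"},
  {"id": "s5", "userPrincipalName": "dave@example.com",
   "riskState": "remediated", "riskDetail": "hidden"}
]""")

# riskDetail values that say who or what closed the risk.
CLOSED_BY = {
    "aiConfirmedSigninSafe": "Identity Protection (automatic)",  # assumed portal mapping
    "userPassedMFADrivenByRiskBasedPolicy": "user passed MFA",
    "adminConfirmedSigninSafe": "admin",
    "adminDismissedAllRiskForUser": "admin",
}
CLOSED_STATES = {"dismissed", "remediated", "confirmedSafe"}

def triage(records):
    """Return (closed, unexplained, still_open).

    closed maps (riskState, closer) -> sign-in ids; unexplained lists closed
    sign-ins whose riskDetail does not say who closed them.
    """
    closed, unexplained, still_open = defaultdict(list), [], []
    for rec in records:
        state, detail = rec.get("riskState"), rec.get("riskDetail")
        if state not in CLOSED_STATES:
            if state == "atRisk":
                still_open.append(rec["id"])
            continue
        closer = CLOSED_BY.get(detail)
        if closer is None:
            unexplained.append(rec["id"])  # needs manual review
        else:
            closed[(state, closer)].append(rec["id"])
    return dict(closed), unexplained, still_open

if __name__ == "__main__":
    closed, unexplained, still_open = triage(SAMPLE)
    for key, ids in sorted(closed.items()):
        print(f"{key[0]:<11} by {key[1]}: {', '.join(ids)}")
    print("closed, no explanation:", unexplained, "| still at risk:", still_open)
```

Closed sign-ins that land in the unexplained list are the ones to follow up on by hand, since their `riskDetail` does not say what closed them.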