Some users left out of risk policy?

Mason Hudler 1 Reputation point
2022-08-31T20:32:36.573+00:00

Secure score recommdations are suggesting I Protect all users with a user risk policy, but as far as anyone here knows. We do have User Risk Policy enabled and the implementation status says 5 out of 600 users do not have the policy enabled. They're not excluded from the policy in AD, and I'm not sure how I'm supposed to identify them or look for them, are there any tips for this? Or anything that may have been overlooked that would keep users from having a risk policy despite no exclusions

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
36,502 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. JimmySalian-2011 41,926 Reputation points
    2022-08-31T20:39:00.39+00:00

    Hi,

    Can you check risky users detected tab under portal.azure.com and also check the Users at Risk Reports. Should provide you some information on the users, also did you included all the admins and standard users for Risk Policy?

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

  2. Limitless Technology 39,426 Reputation points
    2022-09-02T07:39:06.873+00:00

    Hello there,

    How can I get a report of detection of a specific type?
    Go to the risk detection view and filter by ‘Detection type’. You can then download this report in .CSV or .JSON format using the Download button at the top.
    https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/troubleshooting-identity-protection-faq

    For better understanding you can dig deep into the reports to investigate these risks.

    Identity Protection provides organizations with three reports they can use to investigate identity risks in their environment. These reports are the risky users, risky sign-ins, and risk detection. Investigation of events is key to better understanding and identifying any weak points in your security strategy.

    Here is the link for detailed description https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk

    ----------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments