Risk Detections

Risk Detections Overview:

Microsoft Entra ID Protection enables organizations to detect, investigate, and respond to suspicious activities in their Azure environment by identifying potential identity-based risks. These risks are categorized into low, medium, and high levels, based on how likely it is that a user's credentials have been compromised. Risk detections can be linked to specific users or sign-in events, impacting the overall risk score and guiding security actions.

The system uses real-time and offline detection methods to identify threats, allowing for swift responses to potential compromises. Based on the detected risk level, organizations can implement Conditional Access policies that require actions like multifactor authentication (MFA) or password resets to mitigate threats. Low-risk detections persist for six months, while medium and high risks remain until addressed.
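The retention and response rules above can be expressed as a small triage routine. This is an added example, not Microsoft's code or part of the original page. The records are constructed and use Microsoft Graph `riskDetection` field names. Assumptions: six months is taken as 180 days, policies act on medium risk and above, and sign-in risk maps to MFA while user risk maps to a password reset.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records using Microsoft Graph riskDetection field names.
def _d(upn, event, level, state, activity, timing, when):
    return {"userPrincipalName": upn, "riskEventType": event, "riskLevel": level,
            "riskState": state, "activity": activity,
            "detectionTimingType": timing, "detectedDateTime": when}

SAMPLE = [
    _d("alice@example.com", "unfamiliarFeatures", "medium", "atRisk", "signin", "realtime", "2024-05-20T08:00:00Z"),
    _d("alice@example.com", "leakedCredentials", "high", "atRisk", "user", "offline", "2024-05-25T02:00:00Z"),
    _d("bob@example.com", "anonymizedIPAddress", "low", "atRisk", "signin", "realtime", "2023-09-01T12:00:00Z"),
    _d("carol@example.com", "anonymizedIPAddress", "low", "atRisk", "signin", "realtime", "2024-05-01T12:00:00Z"),
    _d("dave@example.com", "unfamiliarFeatures", "high", "remediated", "signin", "realtime", "2024-05-28T09:00:00Z"),
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample

CLOSED_STATES = {"remediated", "dismissed", "confirmedSafe"}
LOW_RISK_RETENTION = timedelta(days=180)  # assumption: six months taken as 180 days
RANK = {"low": 1, "medium": 2, "high": 3}
ACTION_FLOOR = "medium"  # assumption: policies act on medium and above

def is_active(det, now):
    """Low risk ages out after the retention window; medium/high stay until addressed."""
    if det["riskState"] in CLOSED_STATES or det["riskLevel"] not in RANK:
        return False
    if det["riskLevel"] == "low":
        detected = datetime.fromisoformat(det["detectedDateTime"].replace("Z", "+00:00"))
        return now - detected <= LOW_RISK_RETENTION
    return True

def triage(detections, now):
    """Map each user to their highest active risk level and the controls to require."""
    users = {}
    for det in detections:
        if not is_active(det, now):
            continue
        entry = users.setdefault(det["userPrincipalName"], {"level": "low", "actions": set()})
        if RANK[det["riskLevel"]] > RANK[entry["level"]]:
            entry["level"] = det["riskLevel"]
        if RANK[det["riskLevel"]] >= RANK[ACTION_FLOOR]:
            # Assumed mapping: sign-in risk -> MFA, user risk -> password reset.
            action = "require_mfa" if det["activity"] == "signin" else "require_password_reset"
            entry["actions"].add(action)
    return {u: {"level": e["level"], "actions": sorted(e["actions"])} for u, e in users.items()}

if __name__ == "__main__":
    for user, verdict in triage(SAMPLE, NOW).items():
        print(user, verdict)
```
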

Risk detections mapped to riskEventType
