Risk Detections
Risk Detections Overview
Microsoft Entra ID Protection lets organizations detect, investigate, and remediate identity-based risk in their Microsoft Entra tenant. Each risk detection is assigned a level of low, medium, or high, reflecting how likely it is that the credentials involved have been compromised. A detection is linked either to a specific sign-in (sign-in risk) or to the user account itself (user risk); the open detections on an account roll up into its overall user risk level, which in turn drives the remediation actions that follow.
Detections are produced either in real time, while the sign-in is being evaluated, or offline, after the fact, so some threats can be challenged or blocked at sign-in while others are surfaced for later investigation. Risk-based Conditional Access policies act on the resulting level, for example requiring multifactor authentication (MFA) for a risky sign-in or a secure password change for a high-risk user. Low-risk detections are retained for six months, while medium- and high-risk detections remain until they are remediated or dismissed.
Risk detections mapped to riskEventType

Sign-in risk detections
[Table: one row per sign-in risk detection with columns Detection type (Real-time or Offline), Type (Premium or Nonpremium), and riskEventType. The row contents did not survive extraction; the only riskEventType value that survives is investigationsThreatIntelligence.]
Note: generic = Premium detection classification for non-P2 tenants.

User risk detections
[Table: one row per user risk detection with the same columns, Detection type (Real-time or Offline), Type (Premium or Nonpremium), and riskEventType. The row contents did not survive extraction; the only riskEventType value that survives is investigationsThreatIntelligence.]
Note: generic = Premium detection classification for non-P2 tenants.
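The data model behind the overview and the riskEventType tables is easiest to see on an actual Graph response. The following Python is an added example, not code from the Microsoft Learn page or from Microsoft: it triages a constructed page of results shaped like GET /identityProtection/riskDetections (the riskDetection resource). The property names and enum values (riskEventType, riskLevel, riskState, detectionTimingType, activity) are the real ones; the users, IP addresses and IDs are made up, and the Conditional Access mapping in recommended_control is an illustrative policy choice, not a Microsoft default.

```python
"""Triage Microsoft Entra ID Protection risk detections from a Graph response page.

Added example, not from the Microsoft Learn page. SAMPLE_RESPONSE is constructed
to mirror GET /identityProtection/riskDetections: property names and enum values
are real, the users, IPs and IDs are invented. No network call is made.
"""
import json
from collections import defaultdict

# Constructed sample payload (the "value" array of one response page).
SAMPLE_RESPONSE = json.dumps({"value": [
    {"id": "d1", "riskEventType": "anonymizedIPAddress", "riskLevel": "medium",
     "riskState": "atRisk", "detectionTimingType": "realtime", "activity": "signin",
     "userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.10"},
    {"id": "d2", "riskEventType": "leakedCredentials", "riskLevel": "high",
     "riskState": "atRisk", "detectionTimingType": "offline", "activity": "user",
     "userPrincipalName": "alice@contoso.example", "ipAddress": None},
    # "generic" is what a non-P2 tenant sees instead of the premium detection name.
    {"id": "d3", "riskEventType": "generic", "riskLevel": "medium",
     "riskState": "atRisk", "detectionTimingType": "offline", "activity": "signin",
     "userPrincipalName": "bob@contoso.example", "ipAddress": "198.51.100.7"},
    {"id": "d4", "riskEventType": "investigationsThreatIntelligence", "riskLevel": "high",
     "riskState": "confirmedCompromised", "detectionTimingType": "offline",
     "activity": "signin", "userPrincipalName": "carol@contoso.example",
     "ipAddress": "192.0.2.44"},
    # Already remediated: must not count toward current user risk.
    {"id": "d5", "riskEventType": "unlikelyTravel", "riskLevel": "low",
     "riskState": "remediated", "detectionTimingType": "offline", "activity": "signin",
     "userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.99"},
]})

LEVEL_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}
OPEN_STATES = {"atRisk", "confirmedCompromised"}  # riskState values still needing action


def parse_detections(payload: str) -> list[dict]:
    """Return the detection objects from one Graph riskDetections response page."""
    return json.loads(payload)["value"]


def open_detections(detections: list[dict]) -> list[dict]:
    """Keep only detections that have not been remediated, dismissed or confirmed safe."""
    return [d for d in detections if d.get("riskState") in OPEN_STATES]


def split_by_activity(detections: list[dict]) -> dict[str, list[dict]]:
    """Separate sign-in-linked ('signin') from user-linked ('user') detections."""
    groups: dict[str, list[dict]] = {"signin": [], "user": []}
    for d in detections:
        groups.setdefault(d["activity"], []).append(d)
    return groups


def split_by_timing(detections: list[dict]) -> dict[str, list[dict]]:
    """Real-time detections can be acted on during the sign-in; offline ones cannot."""
    groups: dict[str, list[dict]] = {"realtime": [], "offline": []}
    for d in detections:
        groups.setdefault(d["detectionTimingType"], []).append(d)
    return groups


def highest_risk_per_user(detections: list[dict]) -> dict[str, str]:
    """Roll open detections up to a single worst risk level per user principal."""
    worst: dict[str, str] = defaultdict(lambda: "none")
    for d in detections:
        upn = d["userPrincipalName"]
        if LEVEL_ORDER[d["riskLevel"]] > LEVEL_ORDER[worst[upn]]:
            worst[upn] = d["riskLevel"]
    return dict(worst)


def generic_count(detections: list[dict]) -> int:
    """Count 'generic' detections: premium detections hidden in a tenant without P2."""
    return sum(1 for d in detections if d["riskEventType"] == "generic")


def recommended_control(activity: str, level: str) -> str:
    """Illustrative risk-based Conditional Access mapping (an assumption, not a default)."""
    if activity == "signin" and LEVEL_ORDER[level] >= LEVEL_ORDER["medium"]:
        return "require MFA"
    if activity == "user" and level == "high":
        return "require secure password change"
    return "allow"


if __name__ == "__main__":
    dets = open_detections(parse_detections(SAMPLE_RESPONSE))
    print("open detections:", [d["id"] for d in dets])
    print("hidden premium (generic):", generic_count(dets))
    for upn, level in highest_risk_per_user(dets).items():
        print(f"{upn}: user risk {level} -> {recommended_control('user', level)}")
    for d in split_by_activity(dets)["signin"]:
        print(f"sign-in {d['id']} ({d['riskEventType']}, {d['detectionTimingType']}): "
              f"{recommended_control('signin', d['riskLevel'])}")
```

Filtering on riskState first matters: the remediated d5 would otherwise inflate alice's history, while her open high-level user detection is what should trigger the password change. A non-zero generic count is the quickest signal that the tenant is seeing the non-P2 view of the tables above.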