User Risk policy and sign in risk policy-false positive

Parameswaran, Sankarasubramanian 2 Reputation points
2020-04-30T21:48:46.897+00:00

we have found many false positive on user risk and sign in risk.

For eg: one user has installed VPN client on his/her machine and connect to office 365 or azure from that location. User still in usa but VPN client points to Australia location. Azure AD dectected as High Risk user. If we enable the user risk policy, it will force the user to change the password based on the risk...what will happen when the user changed to another location in VPN it will again considered as Risk it will force the password change

For us, it is false positive since user is not physically on that location only he is changing the VPN client

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 94,836 Reputation points MVP
    2020-05-01T07:00:29.883+00:00

    And how exactly do you expect Azure AD to know the physical location of the user? The IP from which the attempt originates is used to determine the location, if he uses VPN to change the address, Azure AD will detect it, correctly. If you don't want this to happen, exclude the user from the policy.

    0 comments