question

sankarasubramanianparameswaran-4035 avatar image
0 Votes"
sankarasubramanianparameswaran-4035 asked ·

User Risk policy and sign in risk policy-false positive

we have found many false positive on user risk and sign in risk.

For eg: one user has installed VPN client on his/her machine and connect to office 365 or azure from that location. User still in usa but VPN client points to Australia location. Azure AD dectected as High Risk user. If we enable the user risk policy, it will force the user to change the password based on the risk...what will happen when the user changed to another location in VPN it will again considered as Risk it will force the password change

For us, it is false positive since user is not physically on that location only he is changing the VPN client

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

michev avatar image
0 Votes"
michev answered ·

And how exactly do you expect Azure AD to know the physical location of the user? The IP from which the attempt originates is used to determine the location, if he uses VPN to change the address, Azure AD will detect it, correctly. If you don't want this to happen, exclude the user from the policy.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.