we have found many false positive on user risk and sign in risk.
For eg: one user has installed VPN client on his/her machine and connect to office 365 or azure from that location. User still in usa but VPN client points to Australia location. Azure AD dectected as High Risk user. If we enable the user risk policy, it will force the user to change the password based on the risk...what will happen when the user changed to another location in VPN it will again considered as Risk it will force the password change
For us, it is false positive since user is not physically on that location only he is changing the VPN client