I tried to use this example (https://github.com/azure-ad-b2c/samples/tree/master/policies/conditional-access/policy) to call the conditional access evalution, force an user to pass the MFA if it's needed, and then remediation. Then I configured the Conditional Access policies separatly based on User risk (https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#user-linked-detections) and Sign-In risk (https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#sign-in-risk). And I found that for "Sign-In risk" policy when an user passes the MFA step, the risk is marked as "Remediated". But when I use "User risk" policy, no remediation occurs, the user is still has Risk state "At risk" in the Risky users report. The question is, is there any way to remediate a risky user with a custom B2C policy?
