question

RobGEP-6501 avatar image
0 Votes"
RobGEP-6501 asked MarileeTurscak-MSFT commented

Azure Identity Protection to strict

I use Azure Identity Protection for M365 with default settings as well as:
- MFA
- Microsoft App for authentication

It usually works well but I find that when I travel to another country I get a lot of false flags with M365 thinking that my account may have been compromised and asking me to change it almost every day. Even when I change it, I get a new alert the next day and have to change it again. It all stops as soon as I return to my home country.

I use the default settings but it seems that these are a bit strict. Has anyone had a similar experience and can make recommendations on what to change? I've been thinking about turning off the Identity protection completely since I use MFA and the way AIP is working now it not very user-friendly.

Your ideas are appreciated :-)


azure-ad-identity-protection
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarileeTurscak-MSFT avatar image MarileeTurscak-MSFT ·

Please let me know if you have further questions. If the answer provided was helpful to you, please consider marking as answer so that others in the community with similar questions can more easily find a solution.

0 Votes 0 ·

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

Hi @RobGEP-6501,

How to prevent false positives in Azure Identity Protection

If you travel a lot and get false positives based on the Identity Protection default settings, you can configure Named Locations and trusted locations so that your sign-in risk is lowered when you sign in from those locations and Identity Protection's risk calculation is lowered. You can also configure Identity Protection triggers, alerts, and conditional access policies to only trigger based on high sign-in risk assessment conditions.

If you configure Identity Protection to trigger only on high sign-in risk alerts, it won't flag travel since travel only falls under the "Medium" risk category.

180227-image.png

You can also create Custom Conditional Access Policies based on sign-in risk to flag only the concerns that you care about, or configure notifications to only fire based on high-risk.

Let me know if this helps.


If this answer helped resolve your question, please consider "marking as answer" so that others in the community with similar questions can more easily find a solution.





image.png (86.5 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.