I am receiving notices of Risky Users via email. When I try to check to see which accounts are affected in Identity Protect, nothing is shown for Risky Users or At Risk Users.
Thanks for reaching out and apologies for delay in response.
I understand you are not able to see the Risky users accounts in risky users reports although you received the notification for Risky users.
There can be number of factors due to which risky users accounts didn't show up:
1.There might a chance that self-remediation policy has been setup which allow users to self-remediate, with Azure AD Multi-Factor Authentication (MFA) and self-service password reset (SSPR) in when risk is detected. If users self-remediate, it won't show up in Risky Users reports.
2.Also, Azure AD stores reports and security signals for a defined period of time. If you will try to look for those accounts later, you will not be able to get the data of affected users.
3.Other reason can be, if there is no policy to self-remediate and if you have high number of affected users, then risky users and risky sign in reports allow most recent 2500 entries and that entry might get missed.
Hope this will help to filter the issue based on your scenario.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
2 people are following this question.
