如何:解除封鎖使用者How To: Unblock users

使用 Azure Active Directory Identity Protection 時,如果符合設定的條件,您就可以設定原則來封鎖使用者。With Azure Active Directory Identity Protection, you can configure policies to block users if the configured conditions are satisfied. 一般而言,遭封鎖的使用者會聯絡服務台以解除封鎖。Typically, a blocked user contacts help desk to become unblocked. 本文說明將遭封鎖使用者解除封鎖的執行步驟。This article explains the steps you can perform to unblock a blocked user.

判斷封鎖的原因Determine the reason for blocking

解鎖使用者的第一個步驟,您需要判斷封鎖使用者的原則類型為何,以決定後續步驟。As a first step to unblock a user, you need to determine the type of policy that has blocked the user because your next steps are depending on it. 使用 Azure Active Directory Identity Protection 時,使用者可能是因登入風險原則或使用者風險原則而遭封鎖。With Azure Active Directory Identity Protection, a user can be either blocked by a sign-in risk policy or a user risk policy.

您可以從使用者嘗試登入期間所出現的對話方塊標題取得封鎖使用者的原則類型︰You can get the type of policy that has blocked a user from the heading in the dialog that was presented to the user during a sign-in attempt:

原則Policy 使用者對話方塊User dialog
登入風險Sign-in risk 封鎖的登入
使用者風險User risk 封鎖的帳戶

封鎖使用者的類型為︰A user that is blocked by:

  • 登入風險原則,也就是可疑的登入A sign-in risk policy is also known as suspicious sign-in
  • 使用者風險原則,也就是有風險的帳戶A user risk policy is also known as an account at risk

解鎖可疑的登入Unblocking suspicious sign-ins

若要解鎖可疑的登入,您有下列選擇︰To unblock a suspicious sign-in, you have the following options:

  1. 從熟悉的位置或裝置登入 - 可疑的登入會遭封鎖通常是因為使用者嘗試從不熟悉的位置或裝置登入。Sign in from a familiar location or device - A common reason for blocked suspicious sign-ins are sign-in attempts from unfamiliar locations or devices. 使用者可以嘗試從熟悉的位置或裝置登入,以迅速判斷這是否是遭封鎖的原因。Your users can quickly determine whether this is the blocking reason by trying to sign-in from a familiar location or device.
  2. 從原則中排除 - 如果您認為目前的登入原則設定對特定使用者造成問題,您可以排除這些使用者。Exclude from policy - If you think that the current configuration of your sign-in policy is causing issues for specific users, you can exclude the users from it. 如需詳細資訊,請參閱 Azure Active Directory Identity ProtectionFor more information, see Azure Active Directory Identity Protection.
  3. 停用原則 - 如果您認為您的原則設定對所有使用者造成問題,您可以停用原則。Disable policy - If you think that your policy configuration is causing issues for all your users, you can disable the policy. 如需詳細資訊,請參閱 Azure Active Directory Identity ProtectionFor more information, see Azure Active Directory Identity Protection.

解鎖有風險的帳戶Unblocking accounts at risk

若要解鎖有風險的帳戶,您有下列選擇︰To unblock an account at risk, you have the following options:

  1. 重設密碼 - 您可以重設使用者的密碼。Reset password - You can reset the user's password.
  2. 關閉所有風險事件 - 如果已達到設定的封鎖存取權限之使用者風險層級,使用者風險原則就會封鎖使用者。Dismiss all risk events - The user risk policy blocks a user if the configured user risk level for blocking access has been reached. 您可以手動關閉已報告的風險事件來降低使用者的風險層級。You can reduce a user's risk level by manually closing reported risk events.
  3. 從原則中排除 - 如果您認為目前的登入原則設定對特定使用者造成問題,您可以排除這些使用者。Exclude from policy - If you think that the current configuration of your sign-in policy is causing issues for specific users, you can exclude the users from it. 如需詳細資訊,請參閱 Azure Active Directory Identity ProtectionFor more information, see Azure Active Directory Identity Protection.
  4. 停用原則 - 如果您認為您的原則設定對所有使用者造成問題,您可以停用原則。Disable policy - If you think that your policy configuration is causing issues for all your users, you can disable the policy. 如需詳細資訊,請參閱 Azure Active Directory Identity ProtectionFor more information, see Azure Active Directory Identity Protection.

後續步驟Next steps

您想要深入了解 Azure AD Identity Protection?Do you want to know more about Azure AD Identity Protection? 查看 Azure Active Directory Identity ProtectionCheck out Azure Active Directory Identity Protection.