Anomalous Activity Reports from old portal not in new?
The old Azure Portal has a group of Anomalous Activity reports. We have found these very useful in finding compromised accounts.
In fact, last month we had a user show up with a login from Nigeria in the "Sign ins from multiple geographies" report. We immediately changed their password, and found that the account was being used to send out spam at the same moment we were disabling it.
Without that report, more spam would have gone out and we wouldn't know until much later.
That same user never showed up under "Risky sign-ins" or "Users flagged for risk" in the new portal.
Are those various Anomalous Activity reports going to show up in the new portal?
And, if not, will the recommendations in the Office 365 Secure Score section of the Security & Compliance portal be modified to no longer require reviewing reports in the old portal?
The classic portal has a bunch of reports with AAD Premium (licencing, activity, application ,...) which I can not find in the new portal. Risky sign-ins is a feature of Identity Protection which is only available for extra costs. Will the reports be transferred ?
The reports in the classic portal are available via REST. Is this still the same ?