How can we improve Azure Active Directory?

Add PowerShell commands to manage "Users flagged for risk" in Azure AD

I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!

111 votes
Sign in
Sign in with: Microsoft
Signed in as (Sign out)

We’ll send you updates on this idea

Unnamed Person shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Sign in with: Microsoft
Signed in as (Sign out)
  • Long, Gary commented  ·   ·  Flag as inappropriate

    Come on Microsoft - throw us a bone! How are we supposed to effectively manage risk with these "stone age" tools?

  • Povl H. Pedersen commented  ·   ·  Flag as inappropriate

    Agree. Currently it is not usable. I have as first user on my list a high risk user, last event 1 year back, 0 events in total

    Is this usable information ? No.

    Please find someone who can implement this.

    Just dismissing all would be a great help, and being able to sort by date without having to download the list. Powershell would be the best.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is some pretty basic functionality that would greatly improve the usability of the Users flagged for risk, it's been over a year without any updates. Agreed with Russ, this is highly disappointing.

  • s commented  ·   ·  Flag as inappropriate

    this is broken as **** anyway. I still have users in my console that aren't even at the company anymore and their emails have been deleted years ago. their "dismissed" but still there. what a bad product

  • Anonymous commented  ·   ·  Flag as inappropriate

    truly need to be able to dismiss a bulk of users either via powershell or the portal for users flagged for risk

  • Stephane BOUGES commented  ·   ·  Flag as inappropriate


    As this is quite an old subject and it's still annoying us for our day-to-day work to have no PowerShell cmdlets to manage Risk Events / Users flagged for risk, I would like to know:
    Any news on this subject? Any estimated date when it could be available?

    Thanks in advance for your answer...

    Best Regards,
    Stephane BOUGES.

  • Roger commented  ·   ·  Flag as inappropriate

    Please implement a function in the portal and with powershell to dismiss a bulk of users.

  • CF commented  ·   ·  Flag as inappropriate

    The current implementation of "Users flagged for risk" has two major shortcomings
    1) You can't work (read/delete) on these events via an automated fashion (PowerShell)
    2) You can't whitelist IP ranges belonging to your organisation so as to drive down false positives

    => Please urgently improve this functionality as currently it is close to useless.

  • KM commented  ·   ·  Flag as inappropriate

    Hi please address powershell or API read/write access to risk events. I would very much like to see the capability to close risk events or do remediation from a script.

  • Ward commented  ·   ·  Flag as inappropriate

    We had a instance of Office 365 running for two years as a test instance, and when we finally went all in with Office 365 we had over 3,000 events in "Users flagged for risk". We wanted to start from square one and get all of these cleared. We put in a Microsoft Premier support ticket in to have these cleared and Microsoft's response was that they had now way to clear these logs. Insanity!

← Previous 1

Feedback and Knowledge Base