How can we improve Azure Active Directory?

Add PowerShell commands to manage "Users flagged for risk" in Azure AD

I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!

112 votes
Sign in
Password icon
Signed in as (Sign out)

We’ll send you updates on this idea

Unnamed Person shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Hi – Thanks for the suggestion. We understand this is a problem today and we are planning to bring an option to multi-select users and the “Dismiss risk” on them in the new UX. If your requirement is to dismiss risk on hundreds of users, please reach out to the CSS team and they will guide you to the right contacts.



Sign in
Password icon
Signed in as (Sign out)
  • Povl H. Pedersen commented  ·   ·  Flag as inappropriate

    Agree. Currently it is not usable. I have as first user on my list a high risk user, last event 1 year back, 0 events in total

    Is this usable information ? No.

    Please find someone who can implement this.

    Just dismissing all would be a great help, and being able to sort by date without having to download the list. Powershell would be the best.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is some pretty basic functionality that would greatly improve the usability of the Users flagged for risk, it's been over a year without any updates. Agreed with Russ, this is highly disappointing.

  • s commented  ·   ·  Flag as inappropriate

    this is broken as **** anyway. I still have users in my console that aren't even at the company anymore and their emails have been deleted years ago. their "dismissed" but still there. what a bad product

  • Anonymous commented  ·   ·  Flag as inappropriate

    This cant be that hard to get sorted can it? This needs to be automated into a report...

  • Matt Wilkinson commented  ·   ·  Flag as inappropriate

    This request has been open a year. Please can we have PowerShell commands for this functionality?

  • Anonymous commented  ·   ·  Flag as inappropriate

    truly need to be able to dismiss a bulk of users either via powershell or the portal for users flagged for risk

  • Stephane BOUGES commented  ·   ·  Flag as inappropriate


    As this is quite an old subject and it's still annoying us for our day-to-day work to have no PowerShell cmdlets to manage Risk Events / Users flagged for risk, I would like to know:
    Any news on this subject? Any estimated date when it could be available?

    Thanks in advance for your answer...

    Best Regards,
    Stephane BOUGES.

  • Roger commented  ·   ·  Flag as inappropriate

    Please implement a function in the portal and with powershell to dismiss a bulk of users.

  • CF commented  ·   ·  Flag as inappropriate

    The current implementation of "Users flagged for risk" has two major shortcomings
    1) You can't work (read/delete) on these events via an automated fashion (PowerShell)
    2) You can't whitelist IP ranges belonging to your organisation so as to drive down false positives

    => Please urgently improve this functionality as currently it is close to useless.

  • Anonymous commented  ·   ·  Flag as inappropriate

    it's a must mates, we have lots of noise due Users flagged for risk deleted time ago.

  • KM commented  ·   ·  Flag as inappropriate

    Hi please address powershell or API read/write access to risk events. I would very much like to see the capability to close risk events or do remediation from a script.

  • Ward commented  ·   ·  Flag as inappropriate

    We had a instance of Office 365 running for two years as a test instance, and when we finally went all in with Office 365 we had over 3,000 events in "Users flagged for risk". We wanted to start from square one and get all of these cleared. We put in a Microsoft Premier support ticket in to have these cleared and Microsoft's response was that they had now way to clear these logs. Insanity!

← Previous 1

Feedback and Knowledge Base