Azure Identity Protection
The emails that are sent when there is a new alert should contain more information than just being notified there is a new alert or risk event. The email can only be sent to global admins so there is no reason to not have detailed info in the email. Also if there is more info in the email a Global Admin can at least call, text, email the user in question as we wont always be able to gain access to the portal so if the event is real. it can be addressed over the phone. Instead of waiting to get portal access to find out who caused the alert
Great. Anything to stop the fraudulent takeover with fake credentials...misuse of the Azure application.