Notify end-users when a risky sign-in (e.g. sign-in from an anonymous IP address) event is created
Can a feature be added to notify end-users by email when Azure AD detects a risky sign-in event (e.g. sign-in from an anonymous IP address) on their account, so they're able to take immediate action if their account is compromised?
Kehinde Owens commented
Currently, Azure allows alert groups to be created in order to receive alerts/risk user alerts, etc. It would be nice if the user could also receive a notification that their AAD account is at risk due to suspicious activity.
I totally agree, I really can't understand why this option is not available. Why should an administrator review all those events? The risk events should be sent to the affected user.
Jun Takata commented
So... currently, if users are flagged for risky sign-ins, administrators need to take action to confirm whether they are legitimate sign-ins or not before resolving the incident. As damiura suggested, if an email is sent to users from Identity Protection and the users can confirm or change their password by themselves, the administration burden will be reduced.
When a new risk event is identified, the user flagged for risk receives an email from Identity Protection.
If the user does not recognize this event, the user can change his or her password by following the link provided in the email without going through the administrators.