Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Risky user email notification is confusing

Risky user email notification is confusing.
When a user click the link on an email, he/she goes to "Risky users (Preview)" page. However this page is confusing. Especially, sometimes it says "No risky sign-ins found" on "Resent risky sign-ins" tab. The link should navigate users to "Azure AD Identity Protection" page, which is intuitive and easier to understand.

10 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Kashie Araki shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

3 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • bene_tleilax_08 commented  ·   ·  Flag as inappropriate

    Agree with Kashie. Additionally, the risky user email is the only email notification (besides the weekly digest) that an admin can receive from Azure Identity Protection. It would be helpful if an admin could setup email alerts for risky sign-ins as they occur, not when ID Protection evaluates the user as at risk.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Great. Anything to stop the fraudulent takeover with fake credentials...misuse of the Azure application.

  • Christian Taveras commented  ·   ·  Flag as inappropriate

    The emails that are sent when there is a new alert should contain more information than just being notified there is a new alert or risk event. The email can only be sent to global admins so there is no reason to not have detailed info in the email. Also if there is more info in the email a Global Admin can at least call, text, email the user in question as we wont always be able to gain access to the portal so if the event is real. it can be addressed over the phone. Instead of waiting to get portal access to find out who caused the alert

Azure Active Directory: Identity Protection

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice