Risky user email notification is confusing
Risky user email notification is confusing.
When a user click the link on an email, he/she goes to "Risky users (Preview)" page. However this page is confusing. Especially, sometimes it says "No risky sign-ins found" on "Resent risky sign-ins" tab. The link should navigate users to "Azure AD Identity Protection" page, which is intuitive and easier to understand.
Agree with Kashie. Additionally, the risky user email is the only email notification (besides the weekly digest) that an admin can receive from Azure Identity Protection. It would be helpful if an admin could setup email alerts for risky sign-ins as they occur, not when ID Protection evaluates the user as at risk.
Great. Anything to stop the fraudulent takeover with fake credentials...misuse of the Azure application.
Christian Taveras commented
The emails that are sent when there is a new alert should contain more information than just being notified there is a new alert or risk event. The email can only be sent to global admins so there is no reason to not have detailed info in the email. Also if there is more info in the email a Global Admin can at least call, text, email the user in question as we wont always be able to gain access to the portal so if the event is real. it can be addressed over the phone. Instead of waiting to get portal access to find out who caused the alert