I suggest you ...

Add PowerShell commands to manage "Users flagged for risk" in Azure AD

I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!

20 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Unnamed Person shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    I mispoke a little in that last comment. The download is sorted by High/Medium/Low first then by user name. So it typically can be used for those that are listed as High Risk. So only those with medium risk get lost. Still want powershell integration.

  • Anonymous commented  ·   ·  Flag as inappropriate

    In higher ed environments, we have large turn over in users ~15000. Because of this, Users flagged for risk in it's current state is fairly useless. The blade in Azure doesn't even allow for sort by date so trying to find the latest flagged user is impractical. If I download the excel file, it's limited to the first 10000 users sorted alphabetically. So anyone that has a recent high security risk alert with the last name past M won't be in the list. It's a significant time commitment to remove each of these users one at a time each semester to keep the list manageable.

Feedback and Knowledge Base