I suggest you ...

Add PowerShell commands to manage "Users flagged for risk" in Azure AD

I have quite a few users who have been tagged as "Users flagged for risk" in Azure AD. I'd like to be able to "Dismiss all events" for those users that were "Last updated" more than XX days ago. It seems I can only do this via the web GUI one user at a time. This stinks. This particular report had gone unwatched for a bit. PowerShell to the rescue please!

17 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Unnamed Person shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        I mispoke a little in that last comment. The download is sorted by High/Medium/Low first then by user name. So it typically can be used for those that are listed as High Risk. So only those with medium risk get lost. Still want powershell integration.

      • Anonymous commented  ·   ·  Flag as inappropriate

        In higher ed environments, we have large turn over in users ~15000. Because of this, Users flagged for risk in it's current state is fairly useless. The blade in Azure doesn't even allow for sort by date so trying to find the latest flagged user is impractical. If I download the excel file, it's limited to the first 10000 users sorted alphabetically. So anyone that has a recent high security risk alert with the last name past M won't be in the list. It's a significant time commitment to remove each of these users one at a time each semester to keep the list manageable.

      Feedback and Knowledge Base