Russell

My feedback

  1. 17 votes

    2 comments  ·  Azure Active Directory » Identity Protection
    Russell commented  · 

    I understand that exposing information from a user's home organisation to us could be problematic, but when a B2B federated guest tries to access one of our systems and is blocked due to user risk we should have *some* ability to see that this has happened.

    We recently had a case where several guests whose home organisations didn't block access by "risky" users were blocked by our CA policies. They reported they could log in fine to their home organisation systems but were blocked from our systems, and the only indication available to us of what happened was the login record in our tenancy saying

    Status: failure
    Conditional access: Success
    Failure reason: Other
    Sign-in error code: 530032

    and nothing in the AAD console under “Risky sign-ins”, “Risk detections”, or “Risky users”. This made determining the cause of their access being blocked extremely frustrating.

    Russell supported this idea  · 
