Azure Active Directory (AD) Identity Protection's user risk policy helps automatically protect your users from risky behaviour on their accounts.
Azure AD has many built-in solutions to protect legitimate users from malicious actors trying to sign in to their accounts via Azure AD, one of them being user risk policy.
This policy can either fully block access or require a password reset for the user to be able to login, depending on the the sign-in risk level (High, Medium and above or Low and above).
The level is determined automatically by a series of factors, including:
- Atypical travel e.g. If a user has logged in from Australia and then authenticates from Europe in the next 5 minutes, an impossible travel to physically make
- Unfamiliar sign-in properties e.g. If a user has logged in from a location that he never logged on from before
- And other, constantly updated factors
When setting this up, you can also choose to apply this to all your users, selected individuals or groups, and exclude users.
You can read more on how to enable these policies on configure and enable risk policies documentation.
