What is an Azure AD Risky User?

In Azure Active Directory (Azure AD), a risky user is a user account that has been flagged as potentially compromised or at risk of being compromised based on various signals and risk factors. These risk factors could include, for example, suspicious sign-in activities, known malware or phishing attacks, or leaked credentials associated with the user’s account.

Azure AD uses machine learning and advanced analytics to assess the level of risk associated with a user’s account and assigns a risk score to each account. If a user’s risk score exceeds a certain threshold, the account will be marked as risky and additional security measures may be triggered, such as multi-factor authentication (MFA) or conditional access policies.

By monitoring and managing risky users in Azure AD, organizations can better protect their sensitive data and resources from unauthorized access and potential threats.
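As an added example (not code from the original post), the following triages risky users against a threshold, using a constructed sample shaped like a Microsoft Graph `GET /identityProtection/riskyUsers` response. The user names, the `medium` threshold and the response actions are assumptions chosen for illustration, not Azure AD defaults.

```python
import json

# Rank of Microsoft Graph riskLevel values; unknown values fall back to 0.
RISK_ORDER = {"none": 0, "hidden": 0, "low": 1, "medium": 2, "high": 3}
# riskState values that still need attention (others are already resolved).
ACTIVE_STATES = {"atRisk", "confirmedCompromised"}

# Constructed sample data, shaped like a riskyUsers response body.
SAMPLE_RESPONSE = json.dumps({"value": [
    {"userPrincipalName": "alice@example.com", "riskLevel": "high", "riskState": "atRisk"},
    {"userPrincipalName": "bob@example.com", "riskLevel": "medium", "riskState": "atRisk"},
    {"userPrincipalName": "carol@example.com", "riskLevel": "high", "riskState": "remediated"},
    {"userPrincipalName": "dave@example.com", "riskLevel": "low", "riskState": "atRisk"},
    {"userPrincipalName": "erin@example.com", "riskLevel": "low", "riskState": "confirmedCompromised"},
]})


def triage(response_text, threshold="medium"):
    """Return (upn, riskLevel, action) for users whose risk is still active.

    Users below the threshold are skipped unless an admin has confirmed
    the account as compromised. The actions are illustrative policy choices.
    """
    floor = RISK_ORDER[threshold]
    findings = []
    for user in json.loads(response_text).get("value", []):
        level = user.get("riskLevel", "none")
        state = user.get("riskState", "none")
        if state not in ACTIVE_STATES:
            continue  # remediated, dismissed or confirmedSafe: nothing to do
        rank = RISK_ORDER.get(level, 0)
        if state == "confirmedCompromised":
            action = "block sign-in and reset credentials"
        elif rank < floor:
            continue
        elif rank >= RISK_ORDER["high"]:
            action = "require MFA and password change"
        else:
            action = "require MFA"
        findings.append((user["userPrincipalName"], level, action))
    # Highest risk first; ties keep their original order.
    findings.sort(key=lambda f: RISK_ORDER.get(f[1], 0), reverse=True)
    return findings


if __name__ == "__main__":
    for upn, level, action in triage(SAMPLE_RESPONSE):
        print(f"{upn:20} {level:7} {action}")
```

Lowering `threshold` to `"low"` brings low-risk accounts into the review queue at the cost of more prompts for users.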

Author: tonyhughes