What is an Azure Risky Sign-in?

An Azure risky sign-in is an authentication attempt made to an Azure Active Directory (Azure AD) tenant that Azure AD’s machine learning algorithms flag as having a higher-than-normal probability of being malicious or fraudulent. Azure AD analyzes various factors such as sign-in location, IP address, device platform, and user account history to detect unusual patterns and determine the likelihood of a sign-in being risky.

When a risky sign-in is detected, Azure AD can take action based on policies that have been configured by the organization’s security administrators. For example, Azure AD can require additional authentication factors or block the sign-in entirely.

Security administrators can view and investigate risky sign-ins using Azure AD’s risk detection reports, which provide details on the specific factors that contributed to the sign-in being flagged as risky. This information can help organizations identify potential security threats and take appropriate measures to protect their resources and data.
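As an added example (not part of the original post), the sketch below triages an export of risk detections into a per-user investigation queue. It assumes the records use the field names of the Microsoft Graph riskDetection resource (`riskLevel`, `riskState`, `riskEventType`, `ipAddress`); the users, IP addresses and timestamps are constructed sample data.

```python
import json
from collections import defaultdict

# Constructed sample records (not real data). Field names assume the
# Microsoft Graph riskDetection export shape.
SAMPLE = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "riskLevel": "low", "riskState": "remediated", "riskEventType": "unfamiliarFeatures", "ipAddress": "198.51.100.7", "detectedDateTime": "2024-03-01T08:12:00Z"},
 {"userPrincipalName": "bob@contoso.example", "riskLevel": "medium", "riskState": "atRisk", "riskEventType": "anonymizedIPAddress", "ipAddress": "203.0.113.50", "detectedDateTime": "2024-03-01T09:40:00Z"},
 {"userPrincipalName": "bob@contoso.example", "riskLevel": "high", "riskState": "atRisk", "riskEventType": "unlikelyTravel", "ipAddress": "192.0.2.44", "detectedDateTime": "2024-03-01T10:05:00Z"},
 {"userPrincipalName": "carol@contoso.example", "riskLevel": "medium", "riskState": "atRisk", "riskEventType": "unfamiliarFeatures", "ipAddress": "203.0.113.9", "detectedDateTime": "2024-03-02T07:30:00Z"}
]""")

LEVEL_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}
# States that still need an analyst decision (not remediated or dismissed).
OPEN_STATES = {"atRisk", "confirmedCompromised"}


def triage(detections):
    """Group detections per user; return users with open detections, riskiest first."""
    users = defaultdict(lambda: {"max_level": "none", "open": 0,
                                 "ips": set(), "types": set()})
    for d in detections:
        if d.get("riskState") not in OPEN_STATES:
            continue  # already remediated, dismissed or confirmed safe
        u = users[d["userPrincipalName"]]
        u["open"] += 1
        level = d.get("riskLevel", "none")
        # Unknown levels (for example "hidden") rank as 0 and never win.
        if LEVEL_ORDER.get(level, 0) > LEVEL_ORDER[u["max_level"]]:
            u["max_level"] = level
        if d.get("ipAddress"):
            u["ips"].add(d["ipAddress"])
        if d.get("riskEventType"):
            u["types"].add(d["riskEventType"])
    # Sort by highest open risk level, then by number of open detections.
    return sorted(users.items(),
                  key=lambda kv: (-LEVEL_ORDER[kv[1]["max_level"]],
                                  -kv[1]["open"], kv[0]))


if __name__ == "__main__":
    for name, info in triage(SAMPLE):
        print(name, info["max_level"], info["open"],
              sorted(info["ips"]), sorted(info["types"]))
```

Users whose detections are all remediated drop out of the queue, so the output lists only accounts that still need a decision, together with the source IPs and detection types to review.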

Author: tonyhughes