Currently supported risk detections are:

Sign-in risk detections:
- Activity from anonymous IP address
- Additional risk detected
- Admin confirmed user compromised
- Anomalous Token
- Anonymous IP address
- Atypical travel
- Azure AD threat intelligence
- Impossible travel
- Malicious IP address
- Malware linked IP address
- Mass Access to Sensitive Files
- New country
- Password spray
- Suspicious browser
- Suspicious inbox forwarding
- Suspicious inbox manipulation rules
- Token Issuer Anomaly
- Unfamiliar sign-in properties

User risk detections:
- Additional risk detected
- Anomalous user activity
- Azure AD threat intelligence
- Leaked credentials
- Possible attempt to access Primary Refresh Token (PRT)
=====================
A user risk policy -
User-linked detections include:
Leaked credentials: This risk detection type indicates that the user's valid credentials have been leaked. When cybercriminals compromise valid passwords of legitimate users, they often share those credentials.
User risk policy.
Identity Protection can calculate what it believes is normal for a user's behavior and base its risk decisions on that. User risk is a calculation of the probability that an identity has been compromised.
A sign-in risk policy -
Suspicious browser: Suspicious browser detection indicates anomalous behavior based on suspicious sign-in activity across multiple tenants from different countries in the same browser.
Sign-in risks also include activity from anonymous IP address: This detection is discovered by Microsoft Defender for Cloud Apps. It identifies that users were active from an IP address that has been identified as an anonymous proxy IP address.