Entra ID
      Back to home
      1. Sittadel Knowledge Base
      2. Azure Portals
      3. Entra ID

      Identity Protection Confirm Sign-In Safe Action

      This guide will show an administrator how to confirm a system identified risky sign-in as a false positive.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.SecurityOperator

      Handbook Reference

      Package: Identity Security

      Domain: Risky Sign-Ins Queue

      Modifies: N/A

      Risky Sign-Ins Confirm Sign-In Safe Action
      1. Navigate to the Risky Sign-ins – Azure Active Directory portal, locate and select a desired risky sign-in from the list.
      2. From the Risky Sign-in Details flyout, select the three dots followed by selecting the Confirm sign-in safe action. This action should be taken after investigating and confirming that the sign-in attempt was a false positive.
      3. A disclaimer will be displayed detailing that the user risk associated with this sign-in will be reverted and similar sign-ins from this user will not be considered risky if reattempted. Select Yes to identify the sign-in risk as real but authorized.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.