Entra ID
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Entra ID

      Identity Protection Confirm User Safe Action

      This guide will show an administrator how to confirm a system identified risky user as a false positive.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: TBD

      Domain: TBD

      Modifies: TBD

      Risky Users Confirm User Safe Action

      1. Navigate to the Risky Users – Azure Active Directory portal, locate and select a desired risky user from the list.
      2. From the Risky User Details flyout, select the Confirm user safe action. This action should be taken after investigating and confirming that the risk was a false positive. A disclaimer will be displayed detailing that the user will no longer be seen as at risk and will place the scanning for this user account into a learning mode to relearn the usage properties associated with the account. Select Yes to identify the user risk was a false positive.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.