Identity Protection Dismiss Sign-In Risk Action

This guide will show an administrator how to confirm a system identified risky sign-in as a benign true positive.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.SecurityOperator

Handbook Reference

Package: Identity Security

Domain: Risky Sign-Ins Queue

Modifies: N/A

Risky Sign-Ins Dismiss Sign-In Risk Action
  1. Navigate to the Risky Sign-ins – Azure Active Directory portal, locate and select a desired risky sign-in from the list.
  2. From the Risky Sign-in Details flyout, select the three dots followed by selecting the Dismiss sign-in risk action. This action should be taken after investigating and confirming that the sign-in attempt was real but not malicious.
  3. A disclaimer will be displayed detailing that the user risk associated with this sign-in will be reverted and all the corresponding risk detections will be dismissed as well. Select Yes to identify the sign-in risk as real but authorized.

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.