Entra ID
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Entra ID

      Identity Protection Dismiss User Risk Action

      This guide will show an administrator how to confirm a system identified risky user as a benign true positive.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: TBD

      Domain: TBD

      Modifies: TBD

      Risky Users Dismiss User Risk Action

      1. Navigate to the Risky Users – Azure Active Directory portal, locate and select a desired risky user from the list.
      2. From the Risky User Details flyout, select the Dismiss user risk action. This action should be taken after investigating and confirming that the user account isn't at risk of being compromised. A disclaimer will be displayed detailing that the user will no longer be seen as at risk, and all the risky sign-ins of this user and corresponding risk detections will be dismissed as well select Yes to identify the user risk as real but not malicious.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.