This guide shows an administrator how to unblock a user whose sign-in and MFA prompt authorization was revoked because the account showed indicators of compromise.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Risky Users Unblock Action
- Navigate to the Risky Users – Azure Active Directory portal, then locate and select the risky user whose account was previously blocked for showing signs of being compromised.
- From the Risky User Details flyout, select the Unblock user action. This reinstates the user account's ability to authenticate during sign-in prompts and to complete MFA prompts. Execute the Unblock user action only after the necessary remediation steps for the compromised account have been completed.
- If the action succeeds, a notification shows that the user account has been unblocked, and the Unblock user action is replaced with the Block user action.
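The guide requires remediation to be complete before unblocking but does not list the checks, so the following is an added example (not part of the original guide or Sittadel's tooling) of a readiness gate to run before selecting Unblock user. The function name Test-UnblockReadiness, the three criteria, and the DetectedAt parameter are assumptions; the property names follow the Microsoft Graph riskyUser and user resources, and the sample records are constructed.

```powershell
# Added example: pre-unblock readiness check. The criteria are assumptions,
# not requirements from the guide; align them with your remediation runbook.
# Live records could come from Get-MgRiskyUser -RiskyUserId <id> and
# Get-MgUser -UserId <id> -Property lastPasswordChangeDateTime (Graph SDK).
function Test-UnblockReadiness {
    param(
        [Parameter(Mandatory)] $RiskyUser,                  # riskyUser-shaped record
        [Parameter(Mandatory)] $User,                       # user-shaped record
        [Parameter(Mandatory)] [datetimeoffset] $DetectedAt # from the incident record
    )
    $reasons = @()

    # The risk must be closed out, not still open or confirmed compromised.
    if ($RiskyUser.riskState -in @('atRisk', 'confirmedCompromised')) {
        $reasons += "riskState is still '$($RiskyUser.riskState)'"
    }
    # Do not decide while the risk evaluation is still running.
    if ($RiskyUser.isProcessing) {
        $reasons += 'risk evaluation is still processing'
    }
    # The password must have been changed after the compromise was detected.
    if ([datetimeoffset]$User.lastPasswordChangeDateTime -le $DetectedAt) {
        $reasons += 'password not changed since the compromise was detected'
    }

    [pscustomobject]@{
        UserPrincipalName = $RiskyUser.userPrincipalName
        ReadyToUnblock    = ($reasons.Count -eq 0)
        Reasons           = $reasons -join '; '
    }
}

# Constructed sample records (not real tenant data).
$detectedAt = [datetimeoffset]'2024-05-01T09:00:00Z'
$samples = @(
    @{ Risky = [pscustomobject]@{ userPrincipalName = 'alice@example.com'; riskState = 'remediated'; isProcessing = $false }
       User  = [pscustomobject]@{ lastPasswordChangeDateTime = '2024-05-01T11:30:00Z' } },
    @{ Risky = [pscustomobject]@{ userPrincipalName = 'bob@example.com'; riskState = 'atRisk'; isProcessing = $false }
       User  = [pscustomobject]@{ lastPasswordChangeDateTime = '2024-04-12T08:00:00Z' } }
)
foreach ($s in $samples) {
    Test-UnblockReadiness -RiskyUser $s.Risky -User $s.User -DetectedAt $detectedAt
}
```

An account that returns ReadyToUnblock as False should stay blocked until each listed reason has been resolved.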
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.