Microsoft Entra ID Protection offers robust mechanisms to detect and respond to suspicious activities, ensuring your organization's security. This article explains the risky sign-in policies and how they may prompt additional multifactor authentication (MFA).
Risky Sign-In Policies
Risky sign-in policies focus on specific login attempts that appear suspicious. These policies analyze factors like:
- Unfamiliar locations: Sign-ins from places the user doesn't typically access from.
- Unusual device activity: Devices not commonly used by the user.
- Multiple failed login attempts: Indicating potential brute-force attacks
If a sign-in is flagged as risky, the system will prompt the user for MFA to verify their identity.
How Risk-Based Policies Work
- Detection: Microsoft Entra ID Protection continuously monitors sign-in attempts and user behavior.
- Assessment: It evaluates the risk level based on predefined criteria.
- Response: Depending on the risk level, it may prompt for MFA