User Risk Detection Types: Understanding Azure AD Risk Detections

D.

Sure, I'd be happy to explain!

When you open the risk detections report in Azure AD, you'll see a list of different types of risk detections. Each risk detection corresponds to a specific type of threat or vulnerability that could potentially compromise the security of your Azure AD tenant.

Out of the four options provided, the risk detection type that is classified as a user risk is "atypical travel." This type of risk detection is triggered when a user's sign-in activity appears to be unusual or unexpected based on their previous sign-in history. For example, if a user typically signs in from a specific geographic location, but suddenly signs in from a different location halfway across the world, this could trigger an atypical travel risk detection.

It's worth noting that the other risk detection types listed are also important to be aware of:

• "Impossible travel" refers to sign-ins that occur from two different geographic locations within a very short timeframe, making it physically impossible for the user to have traveled between the two locations. This could indicate that someone else is using the user's credentials.

• "Anonymous IP address" refers to sign-ins that occur from an IP address that can't be traced back to a specific organization or location. This could indicate that the user is trying to conceal their true identity or location.

• "Leaked credentials" refers to situations where a user's credentials (such as their username and password) have been compromised and are being used by someone else to sign in to their account.

While these risk detection types don't necessarily correspond directly to user risks, they are all indicators of potential security threats that should be investigated further to ensure the safety of your Azure AD tenant.