Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,040 questions
Azure Active Directory Identity Protections Risk Detections not all integrate into 365 Defender for indentity
Ao(Jonas) Sun
0
Reputation points
Hi,
We have enabled "User report suspicious activities" in the Azure AD Multi-Factor Authentication settings. We do have a user report fraud via authenticator. And Azure Active Directory Identity Protections Risk Detections triggered ""User report suspicious activities" Risk detection type however it not integrate into the 365 defender for identity and also not integrate into Azure Sentinel FYI Sentinel AADIP Connector configured and related alert analytic rule setup already and we have no limitation in the analytic rule's. The other alert like "Unfamiliar Sign-ins and Atypical Travel" triggered properly only this new risk detections "User report suspicious activities" not triggered alert in 365 defender for identity and Azure Sentinel. Want to know why? (FYI 365 Defender Settings--Alert service settings--- Checked All alerts already)
{count} votes
-
Akshay-MSFT 17,641 Reputation points Microsoft Employee2023-08-11T09:41:30.5966667+00:00 Thank you for posting your query on Microsoft Q&A. I am reviewing this and will get back to you with further inputs.
Thanks,
Akshay Kaushik
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 9%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Fiona Matu 86 Reputation points Microsoft Employee2024-02-18T12:42:13.6466667+00:00 Hi @Ao(Jonas) Sun , You can start by double-check your configurations. Azure Sentinel uses Azure AD Identity Protection Sign-in risk detection data, which is provided by the Azure AD Identity Protection connector. You might want to verify if the connector is set up properly and pulling the right data. For Microsoft 365 Defender, you might want to review the settings again and make sure that all necessary configurations are in place. If all those are well set up it is also good to note that currently, not all risk detections from Azure AD Identity Protection are supported in Microsoft 365 Defender or Azure Sentinel. For example, the "User reported suspicious activities" risk detection might not be supported yet. It's always a good idea to check the official documentation or contact Microsoft Support for the most accurate and updated information.
Sign in to comment