![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 51%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
649 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @ネパリ サンデャ ,
The user needs to have an elevated role while the report is generated to get the email.
You can verify this in tenant audit logs:
Azure Active Directory Identity Protection notifications - Microsoft Entra | Microsoft Learn
If you have self-remediation enabled for the tenant, it is also possible that the user already remediated the risk. You can see risky users and risky sign-ins that have been remediated by adding "Remediated" to the Risk state filter in either the Risky users or Risky sign-ins reports. https://video2.skills-academy.com/en-us/entra/id-protection/howto-identity-protection-configure-notifications#configure-users-at-risk-detected-alerts
In addition, all users need to have a Premium P2 license. There isn't anything built in just for risky sign-ins alone, but you can set up either alerts based on user risk levels or alerts that come in a weekly digest email (which include risky sign-ins). To configure alerts based on user risk levels, you can go to Azure Active Directory > Security > Identity Protection > Users at risk detected alerts. These will be triggered based on the risk level, which is set to "high" by default.
You can also set up weekly digest emails. These emails include the following:
New risky users detected
New risky sign-ins detected (in real time)
Links to the related reports in Identity Protection
You can do this under Microsoft Entra ID > Security > Identity Protection > Weekly digest.
There is also this sample powershell script you can run for identifying risky users and eliminating false positives: https://github.com/AzureAD/IdentityProtectionTools
Let me know if these suggestions help and if you still encounter any issues.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions. Otherwise let us know if you have further questions.