Risky users reporting and remediation
Cloud Commander will be decommissioned and stop functioning on May 13, 2026. You can use the product until that date.
Review and update workflows to remove any dependencies before the product is decommissioned.
Support, bug fixes, and security patches will be available until April 13, 2026.
Microsoft Entra ID Protection collects and analyzes data from user sign-in behaviors such as leaked credentials, anonymous IP use, atypical travel, sign in from unfamiliar locations or infected devices, and more. Based on that data, Microsoft Entra ID Protection identifies potential risky sign-in attempts and potential risky users. See Microsoft's documentation: What are risk detections?
Use Cloud Commander to manage the risks detected by Microsoft Entra ID Protection. Cloud Commander displays a single view of risky users across all your managed tenants, so you don't need to sign in to customer tenants individually.
The Risky users feature is not supported for your MSP tenant or for N-able Login users.
To view and manage your customer's risky users in Cloud Commander, your customer must have a user in the tenant with Microsoft Entra ID P2 license. Microsoft requires a P2 license to access the risky users API, which Cloud Commander uses to gather the data.For more information about investigating risk, see the Microsoft Entra ID Protection documentation.
Related articles
Updated: Jan 09, 2026