View risky users

On the risky user list, search and filter to find a specific risky user, risk state, risk level and more, and use the available actions to Manage risky users.

To view and manage your customer's risky users in Cloud Commander, your customer must have a Microsoft Entra ID P2 license. Microsoft requires a P2 license to access the riskyusers APi which Cloud Commander uses to gather the data.

Requirements

  • You must be assigned the Identity Protection Writer or Reader role.

View risky users

  1. On the left navigation, select Security > Risky Users.
  2. If not already selected, use the global customer selector - Customers drop-down menu to select the customers you want to view data for.
  3. Filter or search to find users at risk. For example, use the Risk state or Risk level column filters to quickly see users at risk.

    The list of risky users displays. You can filter and search the data, choose the columns you want to display, and export to Microsoft Excel. See Navigation and tools for table options.

Risk column descriptions

Column Description
Risk state State of the user's risk. The possible values are safe, dismissed, remediated, at risk, compromised, none.
Risk level An indicator of the probability that the user's account is compromised. The possible values are low, medium, high, hidden, none.
Risk detail Details that contributed to the risk level. The possible values are:
  • None
  • Admin generated temporary password
  • User performed secured password change
  • User performed secured password reset
  • Admin confirmed sign in safe
  • AI confirmed sign in safe
  • User passed MFA driven by risk based policy
  • Admin dismissed all risk for user
 
  • Admin confirmed sign in compromised
  • Admin confirmed user compromised
  • Admin confirmed service principal compromised
  • Admin dismissed all risk for service principal
  • m365 Admin dismissed detection
  • User changed password on premises
  • Admin dismissed risk for sign in
  • Admin confirmed account safe
Risk updated The date and time the risky user was last updated.

Next steps

Related articles

Updated: Mar 28, 2024