NEW Security setting! Only available with Entra ID P2 licenses (E5 plans). Before enabling this setting, make sure your users are properly licensed.
Summary
High-risk sign-ins are flagged by Microsoft’s Entra ID Protection mechanisms because they exhibit behaviors that strongly suggest the account may be compromised (e.g., unusual location, impossible travel, atypical device, or suspicious browser). Allowing these sign-ins increases the risk of unauthorized access and potential data breaches.
The sign-in risk is assessed at the time of login, using criteria from both real-time and offline risk detections. Microsoft defines a high-risk level as having “high confidence that the account is compromised”.
This setting uses Conditional Access Policies.
Available configurations for this setting
- Enabled: Creates a conditional access policy in the tenant, targeting all users and all cloud applications, to block sign-ins detected as high risk.
- Disabled: Removes the conditional access policy enabled by Office Protect, if any. Office Protect will not delete conditional access policies it did not create.
- Do not modify (ignore): We will neither monitor nor attempt to modify the organization’s Block High-Risk Sign-Ins policy. We recommend this option if you prefer to use a customized policy, so that Office Protect does not overwrite your customization.
This setting can be found in your Entra ID admin portal > Protection > Conditional Access > Policies.
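If you choose "Do not modify" and keep a customized policy, it is worth checking that it still matches the shape described above: enforced, high sign-in risk, all users, all cloud applications, block. The following is an added example, not Office Protect's own code. It audits policies exported as JSON and assumes the field names of Microsoft Graph's `conditionalAccessPolicy` resource; the sample policies, their display names and the GUID are constructed placeholders.

```python
# Constructed sample policies in the shape of Microsoft Graph's
# conditionalAccessPolicy resource; display names and the GUID are placeholders.
def sample(name, state, exclude_users):
    return {
        "displayName": name,
        "state": state,
        "conditions": {
            "signInRiskLevels": ["high"],
            "users": {"includeUsers": ["All"], "excludeUsers": exclude_users},
            "applications": {"includeApplications": ["All"]},
        },
        "grantControls": {"builtInControls": ["block"]},
    }

SAMPLE_POLICIES = [
    sample("Risk block (report-only)", "enabledForReportingButNotEnforced", []),
    sample("Risk block (with exclusion)", "enabled",
           ["00000000-0000-0000-0000-000000000001"]),
]

def audit_policy(policy):
    """List deviations from 'block high-risk sign-ins, all users, all apps'."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}  # Graph may return null here
    findings = []
    if policy.get("state") != "enabled":
        # Report-only and disabled policies log or do nothing; they do not block.
        findings.append("not enforced (state=%s)" % policy.get("state"))
    if "high" not in (cond.get("signInRiskLevels") or []):
        findings.append("high sign-in risk not targeted")
    if "All" not in (users.get("includeUsers") or []):
        findings.append("does not include all users")
    if "All" not in (apps.get("includeApplications") or []):
        findings.append("does not include all cloud apps")
    if "block" not in (grant.get("builtInControls") or []):
        findings.append("grant control is not block")
    for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
        if users.get(key):  # exclusions are not covered by the block; review them
            findings.append("%s is non-empty (%d)" % (key, len(users[key])))
    return findings

def tenant_is_covered(policies):
    """True when at least one policy has no findings."""
    return any(not audit_policy(p) for p in policies)
```

Both constructed policies produce a finding, so `tenant_is_covered(SAMPLE_POLICIES)` is false: one is report-only, the other leaves an excluded account outside the block.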
Learn more about real-time and offline risk detections