In Security -> Identity Protection -> Sign-in-risk policy -> Conditions we have "Sign-in-risk". Could you please tell what exactly risk level "Low and above", "Medium and above" and "High" means ? For example does "High" mean that only high risks are noticed or does it mean that I have a high protection ?
AZ-500 course: Episode "Configure Azure AD Identity Protection"
Hi @Andreas-Rosa ,
When you enable a policy user or sign in risk policy, you can also choose the threshold for risk level - low and above, medium and above, or high. This flexibility lets you decide how aggressive you want to be in enforcing any controls for suspicious sign-in events. While Microsoft does not provide specific details about how risk is calculated, we do know that each level brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user. So High means that there is a High probability that the sign-in has been compromised. Hope that helps!!