Implementing the User Risk Policy
Start course

This course will provide you with an understanding of what Azure Identity Protection is, what it does, and how to implement identity protection policies.

Learning Objectives

  • Understand what Azure Identity Protection is, what it does, and what it consists of
  • Learn about the different identity protection policies that are available and what they do
  • Learn how to configure an Azure identity protection policy

Intended Audience

This course is intended for anyone who wishes to learn about Azure Identity Protection.


To get the most out of this course, you should have a basic understanding of Azure Active Directory.


Hello and welcome back. What we're going to do here in this quick demonstration is walk through the process of enabling the user risk policy. Now, on the screen here, I am logged into my Azure portal for the Berks Builders Organization. I am logged in as the global admin. To set up the user risk policy, what we're going to do here is go into 'Azure Active Directory', and then from Azure Active Directory we're going to go down here to 'Security'. Now, once we're in Security here, we have a couple of options under Protect.

We can configure Conditional Access, configure Identity Protection, we can access Security Center, and we can do some other stuff here down the left-hand navigation side. What we're going to do here is go into 'Identity Protection'. And then once we're in the overview page for Identity Protection, we can, under Protect here, configure the user risk policy, a sign-in risk policy, or the MFA registration policy. These are the three default policies we talked about. What we'll do here is select 'User risk policy'. And remember, I mentioned that there isn't a whole lot to configure with these default policies, and that's what you're seeing here. You can configure the Assignments, essentially who gets the policy, you can specify the user risk, and you can configure the controls, what happens when this policy fires.

And then, of course, you can turn the policy on and off. If we select 'All users' here, you can see we can either keep it set for All users or we can Select individual users and groups, or we can actually Exclude users and groups as well. We'll leave this default setting here to All users. And then what we'll do here is we'll hover over user risk here, and we can see here, what this tells us is that user risk that we define here is the likelihood that a user account is compromised. So, if we select 'Low and above', what we can do is configure the user risk level that's needed for the policy to get enforced. We have a couple of options here. We have Low and above, Medium and above, and High. Now, as I mentioned earlier in the course, the higher the risk here, the higher the confidence that there's a problem.

So, if you select 'Low and above' here, you may get some false positives. If you select 'Medium and above', there will be fewer false positives. And then if you select 'High' here, there will be very, very few, if any, false positives. Because it's at this point, if it's identified as a high-risk, Identity Protection is pretty sure it's actually a risk. What we'll do for this demo is just leave it here at Low and above. And then in the Controls here, if we highlight this icon, we can see this is where we can select the Controls to require for access grant. The default here is Block access. Selecting it takes us over into the Access selection pane, where we can Block access or we can Allow access. We can also require a password change if we're going to allow access. We'll leave this set here for Allow access and require a password change. And then what we can do here is turn the policy on and save it. And that's it. That's how you configure the default user risk policy in as your Identity Protection.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.