Differences between
“Risky Sign-In” and “Risk User”
- Risky sign-in: abnormally in sign in activities, such as unusual
location, impossible travels etc.
- Risky user: An account that MS believes to have high probability of
having been comprised (e.g. leaked credential)
More importantly,
the difference lies in how they are dealt with:
- Risky Sign-in: requires additional authentication (e.g. MFA)
- Risky User: Make old credential invalid (e.g. reset password)
If we are to target
“Risky Users”, Risky User Policy can be used to
force password change.
Similarly, If we
are to target “Risky Sign Ins”, we can use “Risky Sign in Policy” to enforce
MFA.