Sign-in Risk
Real-time assessment of the probability that a given sign-in attempt is not performed by the legitimate account owner.
What is Sign-in Risk?
Sign-in risk evaluates each authentication attempt in real-time. Signals include unfamiliar sign-in properties, anonymous IP addresses, impossible travel, malware-linked IP addresses, and atypical travel. Risk levels (low, medium, high) determine policy responses—higher risk can trigger MFA requirements or block access.
In Microsoft 365
Azure AD Identity Protection calculates sign-in risk for every authentication. Conditional Access policies can require MFA for medium risk and block high risk sign-ins. Real-time risk is evaluated during the sign-in flow.
Examples
- 1Sign-in from unfamiliar location triggers MFA
- 2Anonymous IP sign-in blocked
- 3Impossible travel detected between two countries
Related TrueConfig Controls
These controls help implement and verify sign-in risk in your Microsoft 365 environment.
Frequently Asked Questions
What is Sign-in Risk?▼
How does Sign-in Risk work in Microsoft 365?▼
What are examples of Sign-in Risk?▼
Which TrueConfig controls relate to Sign-in Risk?▼
Related Terms
Identity Protection
Azure AD feature that detects identity-based risks and enables automated responses to suspicious sign-ins.
User Risk
Assessment of the probability that a user account has been compromised based on accumulated risk signals.
Conditional Access
Policy-based access control that evaluates signals and enforces security requirements before granting access.