User Risk
Assessment of the probability that a user account has been compromised based on accumulated risk signals.
What is User Risk?
User risk is calculated offline based on aggregated signals about an account. Unlike sign-in risk which evaluates individual authentications, user risk considers patterns over time and external signals like leaked credentials. A user flagged as high risk may have had their password exposed in a breach or exhibited behavior consistent with compromise.
In Microsoft 365
Azure AD Identity Protection calculates user risk based on signals including leaked credentials (found on dark web), anomalous user activity, and administrator-reported compromise. User risk policies can require password change or block access until remediated.
Examples
- 1Leaked credentials detected from data breach
- 2Unusual mail forwarding rules created
- 3Mass file downloads detected
Related TrueConfig Controls
These controls help implement and verify user risk in your Microsoft 365 environment.