
Exam SC-200 topic 2 question 44 discussion

Actual exam question from Microsoft's SC-200
Question #: 44
Topic #: 2

You have an Azure subscription that contains a user named User1.

User1 is assigned an Azure Active Directory Premium Plan 2 license.

You need to identify whether the identity of User1 was compromised during the last 90 days.

What should you use?

  • A. the risk detections report
  • B. the risky users report
  • C. Identity Secure Score recommendations
  • D. the risky sign-ins report
Suggested Answer: B

Comments

Marchiano
Highly Voted 1 year, 9 months ago
Selected Answer: B
On the Risky Users page you will have to select an account and then select the Risk History tab. This will show you if the entity was compromised or not for the past 90 days. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk#risky-users This question is very confusing... Risky Users and Risk Detections are the only ones that provide data for the past 90 days, but both provide info about the Risk State... like Confirmed Compromised...
upvoted 20 times
...
mandragon
Highly Voted 2 years, 1 month ago
Selected Answer: A
Just tested it and correct answer is A - the risk detections report. D only shows one month of risky sign ins. From risk detections you select from risk state the checkbox on confirm compromised and detection time last 90 days.
upvoted 9 times
...
sunilpanda
Most Recent 2 months, 2 weeks ago
Selected Answer: B
The Risky users report allows you to review risky sign-ins and flag each one as either safe or compromised based on the results of an investigation and the information provided by the console.
upvoted 1 times
...
choukou
5 months ago
A - the risk detections report -90 days
upvoted 1 times
...
Studytime2023
8 months, 2 weeks ago
Selected Answer: B
Just tested this with the tenant of the MSP I work for. It shows risky user accounts right back to a couple of years ago. I went to portal.azure.com, then "Entra ID", then "Security", then "Identity protection". Then I see "Report" and under that I see "Risky users".
upvoted 4 times
Studytime2023
8 months, 2 weeks ago
I also just went to entra.microsoft.com and under "Protection" then "Risky activities" I also found the same "Risky users" report also showing back a couple of years.
upvoted 2 times
...
...
Vokuhila
10 months, 3 weeks ago
B. This report lists all users whose accounts are currently or were considered at risk of compromise. It includes a Risk history tab that shows all the events that have led to a user risk change in the last 90 days. https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk
upvoted 3 times
...
Sneekygeek
1 year ago
Selected Answer: B
The Risky users report doesn't have any time limit; I have detections in my lab from as far back as 2018. From this page you can click on a user and then get to risk detections associated with them. Risk detections report is applicable here but I would start with the Risky Users report.
upvoted 3 times
Durden871
10 months, 2 weeks ago
This is an underrated comment. I tricked myself into thinking risky users showed history of users at risk over the past 90 days, but now that you mention it I distinctly remember seeing risky users going back to 2021. Risky users are entirely static and will stay there until you remove them. You also cannot filter risky users in any way, shape or form.
upvoted 1 times
d16cba9
6 months, 1 week ago
Not true. You can apply filters on Risky users as well. Look at the link: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-protection-investigate-risk?pivots=b2c-user-flow There's an option that says you can 'Apply filters'.
upvoted 1 times
cdgdhj
6 months, 1 week ago
What's the correct answer?
upvoted 1 times
...
...
...
...
luisM14
1 year ago
Selected Answer: A
Risk Detection is correct. Tested. It's the only one that gives information from the past 90 days.
upvoted 2 times
...
Durden871
1 year, 1 month ago
ChatGPT is of no help: Review Risky Users: Check the list of risky users to see if User1 is listed. Risky users are flagged based on suspicious activities or behaviors that indicate a potential compromise. Look for indicators such as multiple failed sign-in attempts, unusual sign-in locations, or other anomalous activities associated with User1. Check Risk Detection Reports: Review risk detection reports to see if any security events or activities related to User1 have been flagged as risky in the last 90 days. Look for risk detections such as unusual sign-ins, impossible travel, or suspicious activity patterns that may indicate a compromised identity.
upvoted 1 times
Durden871
1 year, 1 month ago
Check Risk Detection Reports: Review risk detection reports to see if any security events or activities related to User1 have been flagged as risky in the last 90 days. Look for risk detections such as unusual sign-ins, impossible travel, or suspicious activity patterns that may indicate a compromised identity.
upvoted 1 times
Durden871
1 year, 1 month ago
Investigate Sign-In Logs: Review sign-in logs to identify any suspicious sign-in activities associated with User1 in the last 90 days. Look for unusual sign-in locations, multiple failed sign-in attempts, or sign-in activities outside of User1's normal behavior patterns.
upvoted 1 times
Durden871
1 year, 1 month ago
Oh, nvm. ChatGPT seems to agree it's A, not B.
upvoted 1 times
...
...
...
...
4rk4n4
1 year, 1 month ago
Selected Answer: A
A can filter to 90 days.
upvoted 1 times
...
shimon893
1 year, 2 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk#risky-users
upvoted 1 times
DChilds
1 year ago
This document says "The risky users report lists all users whose accounts are currently or were considered at risk of compromise." and "The Risk history tab also shows all the events that have led to a user risk change in the last 90 days." This makes the choice to be B.
upvoted 1 times
...
...
mmmyo
1 year, 2 months ago
Selected Answer: B
With the information provided by the risky users report, administrators can find:
  • Which users are at risk, have had risk remediated, or have had risk dismissed?
  • Details about detections
  • History of all risky sign-ins
  • Risk history
Administrators can then choose to take action on these events. Administrators can choose to:
  • Reset the user password
  • Confirm user compromise
  • Dismiss user risk
  • Block user from signing in
  • Investigate further using Microsoft Defender for Identity
upvoted 2 times
...
Ramye
1 year, 2 months ago
Selected Answer: A
A. the risk detections report ----> can filter to 90 days
B. the risky users report Most Voted ----> there is no filter for days / period
C. Identity Secure Score recommendations ----> Does not apply
D. the risky sign-ins report ----> Can filter only for 1 Month max
upvoted 6 times
...
MentalG
1 year, 2 months ago
D. the risky sign-ins report. This report shows the sign-ins that have been flagged as risky by the identity protection system, and it stores the data for 90 days for Microsoft Entra ID P2 licenses. You can use this report to investigate the risk level, risk type, and risk detail of each sign-in, and take actions to remediate the risk.
upvoted 1 times
...
Pradeep064
1 year, 3 months ago
It's the risky detection report, which has 90 days of detection period. Answer: A
upvoted 1 times
...
CollabGuy
1 year, 3 months ago
Selected Answer: A
I've tested in my lab. The only option that shows 90 days and risk (At Risk, Confirmed Compromised, etc.) is the Risk detections page. Risky sign-ins only allows up to 30 days. Risky users: you can't filter by date.
upvoted 1 times
...
estyj
1 year, 3 months ago
Would have to go with A: risk detection report shows last 90 days, while Risky users report only shows last 30 days.
upvoted 1 times
...