
We're in the job of reducing risk within our organization, and to that end we have a couple of policies here: we have a user sign-in risk policy and we have a user risk policy. So this is where I can come in here, and you can see in this example I've selected three of my most important users, for example they could be senior management and so on, and you can categorize them, so you can set the risk level of these users. Okay, so this is a particularly sensitive account; again, you categorize them. More than that, though, you can then say, based on that categorization, I'm going to allow the, either allow block access, allow access, or require a password change. Personally I would always just go with the block access. Any kind of sensitive accounts, a password change would potentially cause issues, and ultimately we want to get away from using passwords as much as possible.

Now, along with the risk of the user, you can also do something uh similar with sign-in risk. So again I've added my same three users, again I've added them as a category of high, but this time instead of blocking access I require multifactor authentication, and this is a great additional layer of security.

Now, one of the real benefits of Identity Protection is that you don't just get sign-in reports but you also get risky sign-in reports, and it shows you uh if there's any particular risky sign-in, for example things like impossible travel. So I sign today, I sign on today in Edinburgh, and in 15 minutes I sign on from Sydney, Australia. Now, it does know the difference between VPNs, and you can factor that feature in of course, but the key thing is that it's going to show you risky sign-in activity, and uh the key thing is I can then block that user if I want to, or I can dismiss it. You know, if it was a VPN I can say that it's fine, or more importantly you can confirm that the user has been compromised. And this kind of connects in with Microsoft's Defender set of products as well, which is super, super useful. So if you want to see, gain kind of a little bit more visibility into your users, then this is a really, really useful feature.

Just one additional thing, um, this is a new feature, so if I go into settings here, um, if you are one of those organizations like many and you're in hybrid, definitely want to switch this on. It's currently in uh preview: allow on-premises password change to reset the user risk. I am not a fan of self-service password writeback. This is where, in hybrid, the user can go up here, reset their password, and it resets it back to Active Directory as well. Personally I consider this to be a potential back door and you want to avoid that, but this feature would essentially um change the sign-in risk and it would trigger an alert, and that's quite useful. Um, and it also uh can connect in, and I really like it where it connects into Conditional Access, and I've done videos on that in the past, and if you want to see those, check them out in my identity playlist.
