Azure AD end-users can now review, report unusual sign in activity

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Today Microsoft announced the General Availability of Azure AD My Sign-Ins—a new feature that allows enterprise users to review their sign-in history to check for any unusual activity.

The My Sign-Ins page empowers users to see:

  • If anyone is trying to guess their password.
  • If an attacker successfully signed in to their account from a strange location.
  • What apps the attacker accessed.

The newest addition to this page allows end users to report “This wasn’t me” or “This was me” on unusual activities.

Unusual activity

Microsoft now highlights suspicious activities that they’ve detected with Identity Protection at the top. For example, if a risky sign-in was automatically detected, it would get bubbled up to the top under a new section for “Unusual activity”:

SI1.png

Microsoft also added “This wasn’t me” and “This was me” buttons for unusual activities. If a user chooses “This wasn’t me”, then they would see this dialogue:

SI2.png

They would then be taken to the Security info page to review and update their authentication methods.

SI3.png

If a user chooses “This was me”, then they will see this dialogue:

SI4.png

The end-user feedback will help improve the accuracy of Microsoft’s risk detection systems. System Admins can monitor what their users are choosing by checking the audit logs, and use that information to help you decide whether to confirm or dismiss the risk.

Recent activity

If a user doesn’t have any suspicious sign-ins, then they’ll just see the “Recent activity” section. Users can also review their normal sign-ins and report if anything looks strange by clicking “Look unfamiliar? Secure your account”.

SI5.png

Users can also see if anyone else is trying to guess their password. In that case, they’d see an “Unsuccessful sign-in” like this:

SI6.png

Searching and Filtering

Microsoft also heard feedback about the need for better filtering and now you can use the Search bar at the top to look at only the “Unsuccessful” sign-ins.

SI7.png

You can also use the Search bar to filter for other details like the app, browser, location, operating system, etc.

Finally, Microsoft made My Sign-Ins more mobile-friendly too,

SI8.png

A similar feature is available for personal email too, with a Recent Activity page for consumers with Microsoft Accounts at: https://account.live.com/activity.

User forum

0 messages