365 Risky Login Detection

Alert title: “Risky Login”

Description: Alerts if a user login event is marked as “Risky” by Microsoft.


  • It is possible to ignore users
  • It is possible to ignore login from specific IP addresses

The problem: This alert is triggered if a login is suspected as being “Risky” (potentially fraudulent, unwanted). It might be a compromised account. 

Impact: If it is was not an authorised login,  may be an indication of an account breach (intrusion). 

Suggested steps: Engage a technician to confirm that the alert is accurate. If the account has been compromised, take mitigation steps.