As you know, with Entra ID P2 you can implement Risk-Based Conditional Access policies.
It is sometime no easy to understand what is going to happen with implementing Conditional Access policies.
Well, good news, this new workbook – Impact analysis of risk-based access policies – will help you understand the impact.
The workbook will emulate Risk-Based conditional access policy, there is no need to have such policy in place.
To start using this report, you first need to have set your Entra ID Diagnostic Settings to use a Log Analytics workspace to save Sign In Logs, Risky Users, User Risk Events.
Then you can use the workbook by accessing the Monitoring & health\Workbooks blade to open the Impact analysis of risk-based access policies workbook.
Then you will need to edit the workbook to set your Log Analytics workspace; this will help you to not set all the time the workspace when you use the workbook.
The report will cover:
- An impact summary of recommended risk-based access policies including an overview of:
- User risk scenarios
- Sign-in risk and trusted network scenarios
- Impact details including details for unique users:
- User risk scenarios like:
- High risk users not being blocked by a risk-based access policy
- High risk users not being prompted to change their password by a risk-based access policy
- Users that changed their password due to a risk-based access policy
- Risky users not successfully signing-in due to a risk-based access policy
- Users who remediated risk by an on-premises password reset
- Users who remediated risk by remediated by a cloud-based password reset
- Sign-in risk policy scenarios like:
- High risk sign-ins not being blocked by a risk-based access policy
- High risk sign-ins not self-remediating using multifactor authentication by a risk-based access policy
- Risky sign-ins that weren’t successful due to a risk-based access policy
- Risky sign-ins remediated by multifactor authentication
- Network details including top IP addresses not listed as a trusted network
