Microsoft Graph Security risk indicators 编辑
Microsoft Graph Security receives data from the Azure AD Identity Protection or Microsoft Defender for Endpoint security providers, and sends the information to Citrix Analytics.
Azure AD Identity Protection triggers the following risk indicators and sends the information to Microsoft Graph Security:
Anonymous IP address
Impossible travel to atypical locations
Users with leaked credentials
Sign-ins from infected devices
Sign-ins from IP addresses with suspicious activity
Sign-ins from unfamiliar locations
For information about Defender for Endpoint, see Microsoft Defender for Endpoint.
The risk factor associated with the risk indicators is the IP-based risk indicators. For more information about the risk factors, see Citrix user risk indicators.
How to analyze Microsoft Graph Security risk indicators
Consider a user Maria Brown who exhibits one of the risky behaviors mentioned previously. Microsoft detects the incident and generates an alert. Citrix Analytics retrieves this alert and assigns an updated risk score to Maria Brown. Also, the appropriate risk indicator is added to Maria Brown’s risk timeline.
To view the Microsoft Graph Security risk indicator entry for a user, navigate to Security > Users, and select the user.
From Maria’s timeline, you can select the latest risk indicator entry from the risk timeline. Its corresponding detailed information panel appears in the right pane. The WHAT HAPPENED section provides a brief summary of the risk indicator.
How to get more information about the risk indicators
For more information, see Azure Active Directory risk events.
What actions you can apply to the user
Currently, the ability to take appropriate actions on the user’s account through the Microsoft Graph Security data source is not available.
For information on Microsoft Graph Security onboarding, see Microsoft Graph Security.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论