Skip to main content

Azure user risk info

GravityZone pulls Azure AD information from the Risky user report and displays it in the Node details panel of your incidents, in the Graph tab. The dedicated section, called Azure user risk info, offers information on the status of the user account at the time of the incident.

The following details are pulled from Azure AD: riskDetail, riskLevel and riskState.

The tables below show the values for those three fields the way they appear in the Azure AD report, along with their corresponding Bitdefender values.

Table 1. Level (riskLevel)

Azure AD value

Bitdefender value

low

Low

medium

Medium

high

High

hidden

Hidden

none

None

unknownFutureValue

Unknown



Table 2. Status (riskState)

Azure AD value

Bitdefender value

none

None

confirmedSafe

Marked as safe

remediated

Remediated

dismissed

Dismissed

atRisk

At risk

confirmedCompromised

Marked as compromised

unknownFutureValue

Unknown



Table 3. Details (riskDetail)

Azure AD value

Bitdefender value

none

None

adminGeneratedTemporaryPassword

An administrator generated a temporary password.

userPerformedSecuredPasswordChange

A user performed a password change.

userPerformedSecuredPasswordReset

A user performed a password reset.

adminConfirmedSigninSafe

An administrator marked the sign-in as safe.

aiConfirmedSigninSafe

AI marked the sign-in as safe.

userPassedMFADrivenByRiskBasedPolicy

A user successfully passed a multifactor authentication that was triggered by a risk-based policy.

adminDismissedAllRiskForUser

An administrator dismissed all risk for the user.

adminConfirmedSigninCompromised

An administrator marked the sign-in as compromised.

hidden

Hidden

adminConfirmedUserCompromised

An administrator marked the user as compromised.

unknownFutureValue

Unknown