You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/identity-protection/howto-identity-protection-configure-risk-policies.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -74,7 +74,7 @@ Before organizations enable remediation policies, they may want to [investigate]
74
74
1. Select **Done**.
75
75
1. Under **Cloud apps or actions** > **Include**, select **All cloud apps**.
76
76
1. Under **Conditions** > **User risk**, set **Configure** to **Yes**.
77
-
1. Under **Configure user risk levels needed for policy to be enforced**, select **High**. ([This is based on Microsoft recommendations and may be different for each organization](#choosing-acceptable-risk-levels))
77
+
1. Under **Configure user risk levels needed for policy to be enforced**, select **High**. ([This guidance is based on Microsoft recommendations and may be different for each organization](#choosing-acceptable-risk-levels))
@@ -99,7 +99,7 @@ After confirming your settings using [report-only mode](../conditional-access/ho
99
99
1. Under **Exclude**, select **Users and groups** and choose your organization's emergency access or break-glass accounts.
100
100
1. Select **Done**.
101
101
1. Under **Cloud apps or actions** > **Include**, select **All cloud apps**.
102
-
1. Under **Conditions** > **Sign-in risk**, set **Configure** to **Yes**. Under **Select the sign-in risk level this policy will apply to**. ([This is based on Microsoft recommendations and may be different for each organization](#choosing-acceptable-risk-levels))
102
+
1. Under **Conditions** > **Sign-in risk**, set **Configure** to **Yes**. Under **Select the sign-in risk level this policy will apply to**. ([This guidance is based on Microsoft recommendations and may be different for each organization](#choosing-acceptable-risk-levels))
103
103
1. Select **High** and **Medium**.
104
104
1. Select **Done**.
105
105
1. Under **Access controls** > **Grant**.
@@ -129,7 +129,7 @@ If you already have risk policies enabled in Identity Protection, we highly reco
129
129
130
130
### Migrating to Conditional Access
131
131
132
-
1. **Create an equivalent**[user risk-based](#user-risk-policy-in-conditional-access) and [sign-in risk-based ](#sign-in-risk-policy-in-conditional-access) policy in Conditional Access in report-only mode. You can do this with the steps above or using [Conditional Access templates](../conditional-access/concept-conditional-access-policy-common.md#common-conditional-access-policies) based on Microsoft's recommendations.
132
+
1. **Create an equivalent**[user risk-based](#user-risk-policy-in-conditional-access) and [sign-in risk-based ](#sign-in-risk-policy-in-conditional-access) policy in Conditional Access in report-only mode. You can create a policy with the steps above or using [Conditional Access templates](../conditional-access/concept-conditional-access-policy-common.md#common-conditional-access-policies) based on Microsoft's recommendations and your organizational requirements.
133
133
1. Ensure that the new Conditional Access risk policy works as expected by testing it in [report-only mode](../conditional-access/howto-conditional-access-insights-reporting.md).
134
134
1. **Enable** the new Conditional Access risk policy. You can choose to have both policies running side-by-side to confirm the new policies are working as expected before turning off the Identity Protection risk policies.
135
135
1. Browse back to **Azure Active Directory** > **Security** > **Conditional Access**.
0 commit comments