Itentity Protection: Unusual sign-in activity does not show in Azure Portal but on


  • For a test case I tried to sign in to my Azure Portal environment with an Indian IP address using a wrong password.

    After 1 or 2 minutes I received an e-mail from the Microsoft Account Protection team regarding this unusual sign-in activity. 

    I am expecting Azure Active Directory Identity Protection to show similar information in the Identity Protection blade but it does not. 

    Does anyone know why Azure AD IP does not show this, or is it because there's a different in real-time and offline detection which takes respectively 2-4 minutes and a few hours?

    Monday, April 24, 2017 8:55 AM

All replies

  • The goal of identity protection is to detect accounts that might have been compromised.

    A wrong password is for IP not relevant and your IP not necessarily suspicious. For more details, see Azure Active Directory risk events.


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

    Tuesday, April 25, 2017 5:39 PM