🎯 Getting Started with Risky Users in Microsoft 365 In this episode, we break down the Risky Users feature in Microsoft 365 and why it's critical to your organization's identity protection strategy. Whether you're an MSP, IT admin, or security analyst—understanding how to detect and respond to compromised accounts is a must. 🔍 What You’ll Learn ✅ What "risky users" actually means in Microsoft 365 ✅ How Microsoft assigns a risk level using machine learning and trillions of signals ✅ Real-world examples of attacks that generate risk detections ✅ How to view, investigate, and respond to risky users in the Entra admin portal ✅ Common reasons why a risky user may not trigger an alert ✅ Key policies and automations to reduce your exposure 🛡️ Why Watch? Risky users are often the first sign that something's wrong—whether it's token theft, impossible travel, or leaked credentials on the dark web. Learn how to make sense of these alerts and build a better detection and response process around them. Table of Content: 00:00 - Intro 01:15 - Understanding Risky Users 04:36 - Real life example 06:54 - Setting up Alerts to PSA 11:19 - Responding to Risky Users 14:36 - Proactive Posture for Identity Protection 📖 Full Blog: #Microsoft365 #RiskyUsers #identityprotection #EntraID #Cybersecurity #MSP #TMinus365 #AzureAD #TokenTheft #ConditionalAccess #SecurityOps