Critical

Active risky sign-ins

Identifies ongoing risky sign-ins that need investigation.

Category: Identity Protection
Default severity: Critical
Rule key: CHECK_RISKY_SIGN_INS
Last updated: February 20, 2026

How to fix it

Investigate and remediate risky sign-ins immediately. Force password reset and MFA re-registration as needed.

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

IdentityRiskEvent.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →