M365 Risky Sign in Self-Remediation

To better protect your account, and reduce the impact of risky sign ins, you might be asked to prove your identity from time to time if your account activity or sign ins are found to be suspicious. It is very easy for you to self-remediate these risks and get access to your account. 

You might notice a prompt to complete Multi-Factor Authentication, or reset your password, if such risk is detected. Follow the instructions below based on the prompt you receive to self-remediate the risk:

NOTE: If you are not registered for Multi-Factor Authentication before you are prompted for the risk, your account login is blocked until an admin can unblock it hence you cannot self-remediate the risk. If this is the case, please contact the IT Service Desk.

1. Help us protect your account (Risky Sign in Self Remediation)

2. Your account security is at risk (Risky User Self Remediation)

TIP! To stay protected, you can regularly review your sign-in history to ensure no one else is able to get into your account and perform malicious activities. Refer here for instructions on how to review sign in history.

 

1. Help us protect your account

This prompt is triggered when something unusual is detected about the sign-in, e.g. signing in from a new location or a new device. You will be asked to complete multi-factor authentication to verify your identity.

To self-remediate a risky sign-in:

1. You see the prompt "Help us protect your account: We've detected something unusual about this sign-in".

2. Click "Next". You are then required to prove your identity by completing Multi-Factor Authentication (MFA) with one of your previously registered methods. For more information on your MFA setup, refer to MFA FAQ.

If you are not registered for Multi-Factor Authentication before you are prompted for the risk, your account login is blocked until an admin can unblock it hence you cannot self-remediate the risk. If this is the case, please contact the IT Service Desk.

 

2. Your account security is at risk

This prompt is triggered for your account if suspicious activity has been detected, e.g., your password was found in a data breach or leaked online.

Once triggered, you will have to perform a password reset:

1. You see the prompt "Your account security is at risk":.

2. Click "Next". User is then required to prove their identity by completing Multi-Factor Authentication (MFA) with one their previously registered methods. For more information on MFA setup, refer to MFA FAQ.

If you are not registered for Multi-Factor Authentication before you are prompted for the risk, your account login is blocked until an admin can unblock it hence you cannot self-remediate the risk. If this is the case, please contact the IT Service Desk.

3. Finally, you are required to change your password using self-service password reset. Refer here for more information on how to reset password using Self-Service Password reset.

Details

Article ID: 3908
Created
Tue 7/5/22 2:42 PM
Modified
Wed 7/6/22 2:22 PM