GravityZone pulls Azure AD information from the Risky user report and displays it in the Node details panel of your incidents, in the Graph tab. The dedicated section, called Azure user risk info, offers information on the status of the user account at the time of the incident.
The following details are pulled from Azure AD: riskDetail, riskLevel and riskState.
The tables below show the values for those three fields the way they appear in the Azure AD report, along with their corresponding Bitdefender values.

Azure AD value (riskLevel) | Bitdefender value |
---|---|
low | Low |
medium | Medium |
high | High |
hidden | Hidden |
none | None |
unknownFutureValue | Unknown |

Azure AD value (riskState) | Bitdefender value |
---|---|
none | None |
confirmedSafe | Marked as safe |
remediated | Remediated |
dismissed | Dismissed |
atRisk | At risk |
confirmedCompromised | Marked as compromised |
unknownFutureValue | Unknown |

Azure AD value (riskDetail) | Bitdefender value |
---|---|
none | None |
adminGeneratedTemporaryPassword | An administrator generated a temporary password. |
userPerformedSecuredPasswordChange | A user performed a password change. |
userPerformedSecuredPasswordReset | A user performed a password reset. |
adminConfirmedSigninSafe | An administrator marked the sign-in as safe. |
aiConfirmedSigninSafe | AI marked the sign-in as safe. |
userPassedMFADrivenByRiskBasedPolicy | A user successfully passed a multifactor authentication that was triggered by a risk-based policy. |
adminDismissedAllRiskForUser | An administrator dismissed all risk for the user. |
adminConfirmedSigninCompromised | An administrator marked the sign-in as compromised. |
hidden | Hidden |
adminConfirmedUserCompromised | An administrator marked the user as compromised. |
unknownFutureValue | Unknown |