At-Risk User Trends

The Top At-Risk User Trends widget shows the number of Office 365 users in your organization triggering high risk events over a period of time. By obtaining and aggregating high risk event data from Trend Vision One and Microsoft Identity Protection, Cloud App Security allows you to learn about the risk trends of Office 365 users in your organization based on a wide range of risk information.

  • This widget is available only after you have provisioned one or more Office 365 services for your organization.

  • For Cloud App Security to obtain data from the sources, make sure you have performed the following:

    • To obtain data from Trend Vision One, grant the data upload permission for the data source Email Sensor, Azure AD, or Office 365 on Trend Vision One.

      Data contributed by Trend Vision One is available only when you select the default organization.

    • To obtain data from Microsoft Identity Protection, provision an account for Microsoft Identity Protection.

  • Select the data sources at the top of the Internal User Risk Analytics widgets to view the corresponding results.

The high risk events fall into the following categories:

  • Suspicious sign-in activities: sign-in activities with anomalous attributes, such as IP address, location, or browser

  • Suspicious credential activities: activities indicating credential attack or compromise

  • Suspicious user activities: unusual user behavior, such as abnormal permission assignment and suspicious access or configuration

  • Admin confirmed user compromised: user compromise confirmed by administrators

Click a risk category to view or hide the number of users triggering the risk events in this category in the trend graph.

Hover over a point in the trend graph to view details about the triggering users.

Use the drop-down menu to select the time period to view.

Click Go to Operations Dashboard to view more risk information about the users in your organization.

The Operations Dashboard in Trend Vision One aggregates data from wider sources and dimensions to provide you in-depth and comprehensive risk insights.