| title | description | services | keywords | documentationcenter | author | manager | ms.assetid | ms.service | ms.component | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author | ms.reviewer |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
How to unblock users with Azure Active Directory Identity Protection | Microsoft Docs |
Learn how unblock users that were blocked by an Azure Active Directory Identity Protection policy. |
active-directory |
azure active directory identity protection, unblock user |
MarkusVi |
mtillman |
a953d425-a3ef-41f8-a55d-0202c3f250a7 |
active-directory |
conditional-access |
identity |
na |
na |
article |
09/13/2018 |
markvi |
raluthra |
With Azure Active Directory Identity Protection, you can configure policies to block users if the configured conditions are satisfied. Typically, a blocked user contacts help desk to become unblocked. This article explains the steps you can perform to unblock a blocked user.
As a first step to unblock a user, you need to determine the type of policy that has blocked the user because your next steps are depending on it. With Azure Active Directory Identity Protection, a user can be either blocked by a sign-in risk policy or a user risk policy.
You can get the type of policy that has blocked a user from the heading in the dialog that was presented to the user during a sign-in attempt:
| Policy | User dialog |
|---|---|
| Sign-in risk |  |
| User risk |  |
A user that is blocked by:
- A sign-in risk policy is also known as suspicious sign-in
- A user risk policy is also known as an account at risk
To unblock a suspicious sign-in, you have the following options:
- Sign in from a familiar location or device - A common reason for blocked suspicious sign-ins are sign-in attempts from unfamiliar locations or devices. Your users can quickly determine whether this is the blocking reason by trying to sign-in from a familiar location or device.
- Exclude from policy - If you think that the current configuration of your sign-in policy is causing issues for specific users, you can exclude the users from it. For more information, see Azure Active Directory Identity Protection.
- Disable policy - If you think that your policy configuration is causing issues for all your users, you can disable the policy. For more information, see Azure Active Directory Identity Protection.
To unblock an account at risk, you have the following options:
- Reset password - You can reset the user's password.
- Dismiss all risk events - The user risk policy blocks a user if the configured user risk level for blocking access has been reached. You can reduce a user's risk level by manually closing reported risk events.
- Exclude from policy - If you think that the current configuration of your sign-in policy is causing issues for specific users, you can exclude the users from it. For more information, see Azure Active Directory Identity Protection.
- Disable policy - If you think that your policy configuration is causing issues for all your users, you can disable the policy. For more information, see Azure Active Directory Identity Protection.
Do you want to know more about Azure AD Identity Protection? Check out Azure Active Directory Identity Protection.