A while ago, one of my colleagues contacted me with a login issue.

The colleague was trying to log into a customers environment (where she is a guest user) with her company account (from our company). When trying to login, this error appeared:

In Microsoft Entra ID, the is a functionality called Risky Sign-ins. Users that try to log in a “weird” way, for instance login from a Dutch IP one minute after login from a Swedish IP (there is a link at the bottom of the post with more detailed information.

This information is logged in EntraID and (sometimes) acted upon. The reason i say sometimes, is because the action part requires an EntraID P2 license.

When the colleague contacted me, I thought that this should not be happening, because we do not have EntraID P2 licenses for our users.

After some digging and looking at the colleagues account, in the Azure Portal, i saw that it had a risky login and when I cleared it, it started working.

Apparently the information about risky login follows the guest accounts over to our customers tenant and the customer had enforcement of risky users enabled… well, I learned something today as well 🙂

Links:
https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks