This part is all about investigating the alerts and events that are triggered by the risk policies. So basically, a security related person needs to review all users that got flagged based on policies and take a look at the particular risk events that triggered this alert and so contributed to the higher risk level. It's also important to define a workflow that is used to take the corresponding actions.

It also needs someone who regularly investigates the vulnerability warnings and recommendations and estimates the real risk level for the organization.

It's important to take a closer look at the risk policies that can be configured in Azure AD Identity Protection.

We will skip the Multi-factor ...