High risk email caused unnecessary concern and gave a wrong link.
I received an email from Microsoft alerting me to "user at risk detected". I had never received an email like this, and was unsure if it was legitimate or not. I logged into the Azure portal (I did not have an Azure account for this client) and then pasted in the link. it did not bring up any information - just the Azure portal menus on the top and sides, and nothing in the main blade that was being displayed.
I wrote to tech support and eventually we figured out how to view the AAD via the Office365 Admin Portal.
I do not know what caused this email to be sent, and what person at Microsoft constructed it, but it would have been nicer if:
- You including some identifying information for the particular account so that I know it is not a phishing email.
- You made sure that the link worked. If I had to login with a particular username (besides my own username which has admin privileges) that would also be important.
- I still have not found a report online that matches the risk identified in the email, so the email has not been useful to me other than to instill unnecessary fear.