Share via

Why can I no longer access Risky Users report when I have been using it for almost a year

MarkH 5 Reputation points
2025-12-09T18:24:12.19+00:00

Since January I have been doing a regular check on our Risky Users report at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/SecurityMenuBlade/~/RiskyUsers/menuId/RiskyUsers/fromNav/

I also check the Risk sign-ins report. Today, for the first time, I was unable to access the Risky Users report - I get a message saying "Insufficient privileges to complete the operation" along with the following information:

{ "shellProps": { "sessionId": "226ae3786afe4b0d87c8fd6e98c0d865", "extName": "Microsoft_AAD_IdentityProtection", "contentName": "RiskyUsers.ReactView" }, "error": { "message": "Insufficient privileges to complete the operation.", "error": { "data": { "message": "Insufficient privileges to complete the operation.", "capturedErrors": [] } }, "code": null }}

However, I can still access the Risky sign-ins report.

Just wondering if anyone else has come across this, or has any ideas as to what might be causing it?

I have an Office 365 E3 license.

Thanks - Mark

Microsoft Security | Microsoft Entra | Other
Answer recommended by moderator
  1. MarkH 5 Reputation points
    2025-12-10T17:20:55.9433333+00:00

    Hi Eduards - it looks like this is a licensing issue. Here's the response I got from MS Support:

    "I took a closer look at your scenario, and the behavior you are seeing is expected due to licensing requirements. While you were previously able to access the Risky Users report, Microsoft recently tightened the licensing enforcement for this feature. As a result, only tenants with an active Microsoft Entra ID P2 license can now fully access the Risky Users blade. To clarify:

    • Entra ID Free / P1: provides only very limited user risk information.
    • Entra ID P2: required for full access to the Risky Users report, including detailed insights and remediation options."

    Thanks for getting back to me.

    Mark

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Draighen 5 Reputation points
    2026-02-06T20:41:59.32+00:00

    Update:

    I enabled the 30-day trial of P1 and had it cancel after the 30-days. During the trial I could again see the Risky Users of the Tenancy. The trial ended end of January. I removed the license from my account.

    I can still see the Risky Users. I'm glad it is back (I believe I know why but like fight-club we don't talk about it).

    When I see a Risky User I manually investigate; review sign-ins, country coming from, talk to the user, check their mailbox (rules and such), and make a determination. And of course the hard part is forcing the password change, kick everything, redo MFA, and fix their mailbox when these bad vectors muck with it.

    If being able to view Risky Users again goes away we'll invest in one (1) P1 for my GA account.

    0 comments
  2. EduardsGrebezs 1,186 Reputation points
    2025-12-09T19:23:16.1566667+00:00

    This issue is not caused by your license, but almost certainly by role-based access control (RBAC) changes in Entra ID Identity Protection.

    Risky Sign-ins Can be viewed by several built-in roles: Security Reader, Security Operator, Security Administrator, Global Reader, Global Administrator, Reports Reader

    Risky Users requires higher permissions. As of late 2024 / early 2025, Microsoft tightened permissions and Risky Users now requires one of these roles: Security Reader, Security Administrator, Global Administrator.

    Screenshot 2025-12-09 at 21.21.01

    https://dori-uw-1.kuma-moon.com/en-us/entra/id-protection/concept-risky-user-report

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.