In this task, you will review the Azure AD Identity Protection reports generated from the ToR browser logins.
Back in the Azure portal, use the Directory + subscription filter to switch to the AdatumLab500-04 Azure Active Directory tenant.
On the AdatumLab500-04 blade, in the Manage section, click Security.
On the Security | Getting started blade, in the Reports section, click Risky users.
Review the report and identify any entries referencing the aaduser3 user account.
On the Security | Getting started blade, in the Reports section, click Risky sign-ins.
Review the report and identify any entries corresponding to the sign-in with the aaduser3 user account.
Under Reports click Risk detections.
Review the report and identify any entries representing the sign-in from anonymous IP address generated by the ToR browser.
Note: It may take 10-15 minutes to risks to show up in reports.
Result: You have enabled Azure AD Identity Protection, configured user risk policy and sign-in risk policy, as well as validated Azure AD Identity Protection configuration by simulating risk events.