Identity Risk dashboard

The “Identity risk dashboard” summarizes user risk across your Microsoft 365 tenant, with historical trend data. By assessing both attack surface exposure and breach probability, it identifies users' risk levels and offers a detailed breakdown of the factors influencing each user’s risk score.

The dashboard includes the following sections:

• Main dashboard with widgets: provides an overview of key risk areas, highlighting where attention or action is required.
• User vulnerability report: identifies users at risk and specifies the risk level for each.
• User profile vulnerability: presents an analysis of the risk factors affecting each user's risk score.

Main dashboard with widgets

The main dashboard contains the following sections:

User risk distribution

This section summarizes user risk distribution across your tenant. Risk levels are categorized as follows:

• Low: a breach would not significantly compromise tenant security.
• Warning: a breach increases the risk of compromising tenant security.
• Critical: a breach could result in major exposure or unauthorized access to sensitive resources.

Each user's risk level is determined by analyzing two distinct pillars:

1. Breach Probability: indicates the likelihood of account compromise, based on current security settings.
2. Attack Surface: measures the potential impact or damage if a specific user account is compromised.

Selecting any widget (Low, Warning, or Critical) will open the “User vulnerability” report, automatically filtered for users in the selected risk category.

User risk over time

This section displays trends for Critical, Warning, and Low-risk users over time, showing whether the number of users in each risk category has changed during the selected period. You can customize the view to display trends over the past 7, 30, 60, or 90 days. A badge at the bottom highlights the percentage increase or decrease in each category compared to the selected time period.

Users with highest risk score

This widget lists the users with the highest security risk score in your tenant, displaying users sorted from highest to lowest risk score. 

Click “Go to report” to access the full “User vulnerability” report.

Users impacted per risk category

This widget displays the main areas affecting user security. Each category groups several risk factors that contribute to overall risk. 

Click “See details” to review each category and their factors, and review risk factors for each group to address common security issues.

Risk indicators

This widget provides detailed information on how risk is assessed in the “Identity risk dashboard”, including explanations of Breach Probability and Attack Surface, and how risk is calculated. Clicking on each risk indicator opens a panel with detailed information.

User vulnerability report

You can access the “User vulnerability” report by:

• clicking the Low, Warning, or Critical widget in the “User risk distribution” section
• clicking “Go to report” in the “Users with highest risk score” widget

The report lists all active users, providing the following information for each:

• Risk (Compliant, Low, Warning, or Critical)
• Risk impact (the overall risk score calculated for each user)
• Breach Probability
• Attack Surface

Clicking on a user's User Principal Name opens the “User profile vulnerability” card.

User profile vulnerability

You can access the “User profile vulnerability” card by selecting any User Principal Name in the “User vulnerability” report.

The card lists the specific factors contributing to the risk score for each user account, categorized under “Attack Surface” or “Breach Probability.” For each factor, the card displays its contribution to the overall risk score. This enables delegated operators to review the underlying reasons for a user's assessed risk level and identify targeted mitigation steps based on the reported security findings.