Why can I no longer access Risky Users report when I have been using it for almost a year

Question

Why can I no longer access Risky Users report when I have been using it for almost a year

MarkH 5

Since January I have been doing a regular check on our Risky Users report at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/SecurityMenuBlade/~/RiskyUsers/menuId/RiskyUsers/fromNav/

I also check the Risk sign-ins report. Today, for the first time, I was unable to access the Risky Users report - I get a message saying "Insufficient privileges to complete the operation" along with the following information:

{ "shellProps": { "sessionId": "226ae3786afe4b0d87c8fd6e98c0d865", "extName": "Microsoft_AAD_IdentityProtection", "contentName": "RiskyUsers.ReactView" }, "error": { "message": "Insufficient privileges to complete the operation.", "error": { "data": { "message": "Insufficient privileges to complete the operation.", "capturedErrors": [] } }, "code": null }}

However, I can still access the Risky sign-ins report.

Just wondering if anyone else has come across this, or has any ideas as to what might be causing it?

I have an Office 365 E3 license.

Thanks - Mark

2 answers

Your answer

Answer 1

EduardsGrebezs 1,171

This issue is not caused by your license, but almost certainly by role-based access control (RBAC) changes in Entra ID Identity Protection.

Risky Sign-ins Can be viewed by several built-in roles: Security Reader, Security Operator, Security Administrator, Global Reader, Global Administrator, Reports Reader

Risky Users requires higher permissions. As of late 2024 / early 2025, Microsoft tightened permissions and Risky Users now requires one of these roles: Security Reader, Security Administrator, Global Administrator.

Screenshot 2025-12-09 at 21.21.01

https://v4.hkg1.meaqua.org/en-us/entra/id-protection/concept-risky-user-report

MarkH 5 Reputation points

2025-12-10T08:33:56.7133333+00:00

Thanks Eduards. Appreciate your help, but unfortunately that did not seem to fix the problem. I already had Global Administrator role, and I today I added Reports Reader, Security Administrator, Security Operator, and Security Reader. Still getting the same error though. And I did try logging out and back in again. I'll try again later, in case it takes time for these role changes to propogate.

Mark
EduardsGrebezs 1,171 Reputation points

2025-12-10T12:23:07.36+00:00

Hi, if you will still have the same issue I would try for test to create new user and assign temporary role to exclude option that this is account related. If you will have same issue, it is better to rise ticket to MS maybe some kind of Entra Tenant bug.
MarkH 5 Reputation points

2025-12-10T12:37:08.4633333+00:00

Thanks Eduards - I tried that with an existing test user account, and also with a brand new test user account. Still having the same problem in both cases. I will take your advice and raise a support ticket.

Thanks again!

Mark

Answer 2

MarkH 5

Hi Eduards - it looks like this is a licensing issue. Here's the response I got from MS Support:

"I took a closer look at your scenario, and the behavior you are seeing is expected due to licensing requirements. While you were previously able to access the Risky Users report, Microsoft recently tightened the licensing enforcement for this feature. As a result, only tenants with an active Microsoft Entra ID P2 license can now fully access the Risky Users blade. To clarify:

Entra ID Free / P1: provides only very limited user risk information.
Entra ID P2: required for full access to the Risky Users report, including detailed insights and remediation options."

Thanks for getting back to me.

Mark

EduardsGrebezs 1,171 Reputation points

2025-12-10T17:34:19.4333333+00:00

Same as I mentioned and added screenshot, interesting that they didn't mentioned what exactly means tightened.

And of course with Office 365 E3 you only have Entra ID Free.

Share via

Why can I no longer access Risky Users report when I have been using it for almost a year

2 answers

Your answer