Risk and behavior evaluation
Risk scoring and Behavior Detection both use data-driven models to evaluate sign-in requests and prevent credential-based attacks. Risk-based authentication automatically evaluates risk using multiple features such as IP address, device, and behaviors together for each user attempting to access the network. Behavior Detection enables you to configure policies to track specific behavior and define an action to take if there's a change in the tracked behavior for a user.
You can configure how these properties are evaluated and applied in your global session policy rules. For example, you can configure a rule to evaluate changes in user behavior and require MFA if a user signs in from a new location or with a new device. By configuring global session policy rules to evaluate the risk level and identify unusual behavior, you control the risk level or types of behavior to report.
This information can also be useful without being explicitly configured in global session policy rules. To improve the visibility of this information without requiring manual configuration, orgs can report the results of the risk and behavior evaluation for all sign-in requests.