What report should you check to assess if the identity of an Azure AD user was compromised within the past 90 days?

To assess if the identity of an Azure AD user was compromised within the past 90 days, the most relevant report to check is the risk detections report. This report provides detailed information about potential security threats related to user identities, including any compromised accounts. It aggregates various risk detection events that help in identifying abnormal activities or behaviors associated with user accounts.

The risk detections report focuses specifically on identifying users whose accounts may have been exposed to risks such as sign-ins from unusual locations, impossible travel, or suspicious application access. By reviewing this report, you can pinpoint specific users and actions that indicate a breach or compromised status within the defined time frame.

In contrast, while the other options provide valuable information about user security risks, they serve different purposes. The risky users report provides an overview of users flagged as risky but does not focus specifically on the identity's compromise details over a specific duration. The risky sign-ins report is focused on sign-in events detected as risky, but it may not directly indicate that a user's identity has been compromised. The Identity Secure Score recommendations give insights into overall security postures and suggestions for improvements rather than pinpointing user identity issues directly.