Azure Identity Protection, a feature of Microsoft’s Azure Active Directory, is a cutting-edge solution designed to safeguard organisations from identity-based threats. It’s a proactive approach, leveraging vast amounts of data and advanced algorithms, to detect, investigate, and address potential risks associated with user identities.
Risk Detection
Azure Identity Protection is constantly evolving, with Microsoft continuously updating its risk detection capabilities. This system benefits from the analysis of trillions of signals daily, sourced from platforms like Active Directory, Microsoft Accounts, and even Xbox. Some of the behaviours it can detect include:
- Usage of anonymous IP addresses.
- Password spray attacks.
- Instances of leaked credentials.
Every time a user signs in, the system evaluates the risk associated with that session. Depending on the detected risk level, appropriate policies are activated to ensure both the user and the organisation remain secure.
Risk Investigation
Azure Identity Protection offers detailed reporting tools for administrators. These reports help in:
- Tracking each detected risk.
- Monitoring sign-ins associated with one or more risks.
- Identifying users who have been flagged for risky behaviour or have had risk detections reported.
These reports are invaluable for IT teams to delve deeper into potential threats and address them effectively.
Risk Remediation
Given the vast number of potential threats, automation is crucial. Azure Identity Protection offers:
- Automatic Remediation: By using Risk-based Conditional Access policies, the system can prompt users for additional verification methods, such as multifactor authentication or secure password resets, based on the detected risk. Successful completion of these steps automatically resolves the risk.
- Manual Remediation: In cases where automatic remediation isn’t activated, administrators can manually review and address risks using the provided reports.
Data Utilisation
Data from Azure Identity Protection can be integrated with other tools for further analysis or archiving. Organisations can export this data to their Security Information and Event Management (SIEM) tools or other platforms for deeper insights.
Access and Roles
To access Azure Identity Protection, users need specific roles like Security Reader, Security Operator, or Global Administrator. Each role has distinct permissions, ensuring that users can only access and modify information relevant to their responsibilities.
Licensing
Utilising Azure Identity Protection requires an Azure AD Premium P2 licence. This licence provides access to advanced features like risk policies, detailed security reports, and notifications.
We hope this overview provides a clear understanding of Azure Identity Protection and its capabilities. At IT.ie, we’re committed to offering top-tier Managed IT Services to our clients in Ireland, ensuring that your organisation remains secure and efficient in today’s digital landscape.
