- Microsoft’s Entra ID Protection update introduces automated user risk remediation in hybrid environments, streamlining security by automatically addressing risks when passwords are changed on-premises.
- IT administrators can confidently deploy user risk policies, ensuring secure operations for hybrid employees.
- Entra ID Protection seamlessly integrates machine learning to detect and counter identity-based risks.

Microsoft has released a new update for its Entra ID Protection service. The security feature is designed to let IT admins automatically remediate user risk when on-premises password changes happen in hybrid environments.
Microsoft Entra ID Protection (formerly called Azure AD Identity Protection) is a security tool that allows customers to detect, investigate, and mitigate identity-based risks. The service uses machine learning to detect malicious activities such as anonymous IP address usage, leaked credentials, and password spray attacks. It’s also possible to integrate Entra ID Protection with other security solutions.
“While we recommend mastering password changes in Entra ID to take advantage of Password Protection, hybrid customers who do password changes on-premises found it challenging to enable user risk policies. Users would get blocked when becoming risky and could not self-remediate by resetting passwords on-premises because the password change wasn’t visible to Entra ID, and so couldn’t dismiss the risk,” said Alex Weinert, VP and Director of Identity Security at Microsoft.
Microsoft highlighted that the new feature allows hybrid users to remediate their user risk when a password is changed in on-premises environments. Moreover, IT Pros can confidently deploy user risk policies that require password changes to protect hybrid employees. This approach should help organizations boost their security posture and streamline security management.
To get started, IT admins need to open the Microsoft Entra Admin Center portal and turn on the “Allow on-premises password change to reset user risk” setting.
However, keep in mind that this setting is only available for organizations that have already enabled “Password Hash Synchronization” in their tenants. If you’re interested, you can find more details about the Entra ID Identity Protection remediation capabilities on this support page.