Stay Ahead of Threats: Microsoft Entra ID Protection Enhances Security Capabilities

Key Takeaways:

  • Microsoft Entra ID Protection has introduced streamlined deployment of risk policies and robust defense mechanisms against sophisticated security threats.
  • The new Identity Protection risk analysis workbook allows IT admins to comprehensively analyze the impact of activating risk-based Conditional Access Policies.
  • Microsoft Entra ID Protection offers improved prevention, investigation, and remediation capabilities, including on-premises password reset.

Microsoft has announced some important updates for its Entra ID Protection service. The updates offer administrators streamlined deployment of risk policies, comprehensive impact analysis, and robust defense mechanisms against sophisticated security threats.

Last year, Microsoft announced its plans to enable Entra ID Conditional Access policies by default for select Microsoft 365 tenants. The company is gradually rolling out these Microsoft-managed policies, which are aimed at encouraging organizations to switch to using multifactor authentication.

Microsoft has just released a new Identity Protection risk analysis workbook to help administrators understand the implications of these changes on their environments. This workbook lets IT admins analyze the impact of activating risk-based Conditional Access Policies, which could potentially block user sign-ins, mandate multifactor authentication, or facilitate secure password changes.

To access the new workbook, users will need to sign in to the Microsoft Entra admin center as at least a Reports Reader. Navigate to Identity > Monitoring & health > Workbooks, and then choose the “Impact analysis of risk-based access policies workbook” option available under Identity Protection.

Microsoft Entra ID Protection dashboard is now generally available

Microsoft has announced the general availability of a new Entra ID Protection dashboard that launched in public preview in July 2023. It provides key metrics, graphics, and recommended actions to help administrators understand the security posture of their organization. IT admins can now simply click on the “attack counts” option within the Attacks Graphic to access the Risk Detections report for more in-depth analysis. This report includes a newly added “Attack type” column detailing primary attack types.

Entra ID Protection dashboard (Image Credits: Microsoft)

Improved prevention, investigation, and remediation capabilities

Microsoft has released a new feature that lets administrators enable on-premises password reset for resetting user risk within Identity Protection settings. This capability is generally available for commercial customers with Entra P1 and P2 subscriptions.

Microsoft Entra has added new User Risk Investigation skills within the standalone Copilot for Security experience, including User Details, Group Details, Sign-in Logs, Audit Logs, and Diagnostic Logs. These skills enable customers to gain insights into security incidents, while also addressing sign-in concerns and identity-related risks.

User Risk Investigation Copilot in public preview (Image Credits: Microsoft)

Lastly, Microsoft Entra ID Protection has recently added new threat prevention and remediation capabilities to protect organizations against token theft, anomalous graph usage, attacker-in-the-middle (AitM) attacks, and other security threats. The service can now automatically adjust a user’s risk level if they are engaging in an unusually high volume of calls to MS Graph and AAD Graph. Microsoft also highlighted a real-time Anomalous Token Detection feature that leverages risk-based Conditional Access for sign-ins to disrupt token replay attacks.

Microsoft’s recent research study shows that its Entra ID service records 11 token replay detections per 100,000 active users and 18,000 multifactor authentication (MFA) fatigue attacks per month. These new Entra ID Protection features should enable organizations to proactively manage security risks and protect their data and infrastructure more effectively.