Search the Petri IT Knowledgebase

The Unofficial M365 Changelog

Sponsors

Podcasts

Learning Center
search icon

close

Icon for Latest Whitepaper

Latest Whitepaper

Choosing an MFA Solution for Your Active Directory Environment? Ask These 15 Questions.
Icon for On-Demand Webinar

On-Demand Webinar

Combating Cyberattacks in 2022: Prepare to Defend Your Active Directory
Icon for Live Webinar Coming Soon

Live Webinar Coming Soon

Deep Dive: How to Migrate Native GPOs to Microsoft Intune
Icon for Upcoming Conference

Upcoming Conference

GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference

Home

Security

Secure Azure AD Using Identity Protection

Author avatar - Russell Smith

Russell Smith

 |

Feb 17, 2017

In today’s Ask the Admin, I’ll provide a brief overview of the anomaly detection features used by Microsoft to keep cloud identities safe and how these features have been made commercially available to enterprises in the form of Azure Active Directory (AAD) Identity Protection.

advertisment

 

 

Microsoft claims that 60 percent of all successful attacks rely on compromised credentials, so extra care needs to be taken to protect user identities in Active Directory (AD), and Microsoft’s cloud-based directory services solution, AAD. Microsoft Advanced Threat Analytics (ATA) is a product for protecting user accounts in on-premises AD, and while I haven’t seen it stated anywhere, it’s likely that many of the features in AAD Identity Protection are provided by ATA behind the scenes.

For more information on protecting user identities in on-premise AD using Microsoft ATA, see What Is Microsoft Advanced Threat Analytics? on the Petri IT Knowledgebase.

advertisment

AAD Identity Protection goes beyond simple monitoring and reporting by allowing organizations to set risk-based policies that respond to issues when a specified risk level is reached. For instance, a policy could block access, force a user to reset their password, or stipulate the use of multifactor authentication. AAD configuration issues are also flagged, such as the alerts from AAD Privileged Identity Management and the presence of unmanaged cloud apps.

Azure Active Directory Identity Protection (Image Credit: Microsoft)

Azure Active Directory Identity Protection (Image Credit: Microsoft)

There are six risk event types that AAD Identity Protection detects and each is assigned a risk level: High, Medium, or Low.

  • Users with leaked credentials
  • Sign-ins from anonymous IP addresses
  • Impossible travel to atypical locations
  • Sign-ins from unfamiliar locations
  • Sign-ins from infected devices
  • Sign-ins from IP addresses with suspicious activity

Just like Microsoft ATA, AAD Identity Protection uses machine learning and behavioral analysis to detect malicious activity related to user identities. For each incident that is detected, a risk event is created. Some risk events can be detected in real-time, while others are detected offline. To mitigate risk events, actions defined in policy are activated when a certain risk level is reached.

The default risk level threshold is set to Medium, and Microsoft recommends planning carefully because although high thresholds reduce the frequency at which policies trigger mitigation actions, it also increases the risk of malicious activity. Low and Medium risk thresholds might introduce more inconvenience for users but are more likely to prevent credentials being compromised. Identity Protection allows administrators to select the users to which policies apply, so organizations can create policies for different risk groups.

advertisment

Azure Active Directory Identity Protection Policy (Image Credit: Microsoft)

Azure Active Directory Identity Protection Policy (Image Credit: Microsoft)

Identity Protection is available as part of AD Premium P2 subscriptions, and you can sign up for a free trial at Microsoft’s website here.

In this article, I explained how AAD Identity Protection helps keep cloud user identities safe.

 

More from Russell Smith

This Week in IT Ep 19

Microsoft Takes on Rival Calendly with Outlook Bookings - Plus the Latest IT News Updates
Vertical tabs in Edge and Chrome

Find Open Tabs Faster in Chrome and Edge! - Plus IT News Update and Petri Spotlight
Windows Logo

What’s New with Windows – April 2022

advertisment

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

advertisment

More in Security

Windows Server 3 Hero Approved

CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers

May 17, 2022 | Rabia Noureen

Security

F5 Confirms New Remote Code Execution Flaw in BIG-IP Systems

May 9, 2022 | Rabia Noureen

Security

Microsoft's New Security Experts Service Protects Businesses Against Ransomware Attacks

May 9, 2022 | Rabia Noureen

Security

Microsoft, Google, and Apple to Expand Passwordless Login Across All Major Platforms

May 5, 2022 | Rabia Noureen

DevOps code

GitHub to Require All Code Contributors to Enable 2FA by Late 2023

May 5, 2022 | Rabia Noureen

Security Authenticator

Microsoft Authenticator Now Lets Users Generate Strong Passwords

May 5, 2022 | Rabia Noureen

Most popular on petri

Log in to save content to your profile.

Login

Sign Up

Username/Email

Password

Forgot Password?

Login

Article saved!

Access saved content from your profile page. View Saved

Reach out

Contact Us

Advertising

About Us

Media Kit

Learn More

Podcasts

Learning Center

Webinars

Sitemap

Windows

Cloud

Office 365

Servers

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy