Protecting identities with Azure Active Directory Identity Protection

Posted on 26 June 2017

Nowadays, the vast majority of security breaches take place when attackers gain access to an environment by stealing a user’s identity. Discovering compromised identities ASAP is extremely important, and fortunately Azure Active Directory Identity Protection is a fantastic tool for the job.

Over the years, attackers have become increasingly effective at leveraging third-party breaches and sophisticated phishing attacks. As soon as an attacker gains access to even a low-privileged user account, it is relatively easy for them to reach important company resources through lateral movement.

As a consequence of this, you need to:

  • Protect all identities regardless of their privilege level
  • Proactively prevent compromised identities from being abused

Azure Active Directory Identity Protection is a feature of the Azure AD Premium P2 edition that enables you to:

Detect vulnerabilities and risky accounts

  • Providing custom recommendations to improve overall security posture by highlighting vulnerabilities
  • Calculating sign-in risk levels
  • Calculating user risk levels

Investigate risk events

  • Sending notifications for risk events
  • Investigating risk events using relevant and contextual information
  • Providing basic workflows to track investigations
  • Providing easy access to remediation actions such as password reset

Risk-based conditional access policies

  • Policy to mitigate risky sign-ins by blocking the sign-in or requiring a multi-factor authentication challenge
  • Policy to block or secure risky user accounts
  • Policy to require users to register for multi-factor authentication
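As an added example (not code from the original post, and not the Identity Protection policy blade itself), the first of these policies expressed as a Conditional Access policy created with the Microsoft Graph PowerShell SDK; the permission scope, the report-only starting state and the break-glass account object ID are assumptions:

```powershell
# Added example: require MFA for medium- and high-risk sign-ins.
# Assumes the Microsoft Graph PowerShell SDK is installed and the signed-in
# account can grant the Policy.ReadWrite.ConditionalAccess scope.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Require MFA for medium and high sign-in risk"
    # Start in report-only mode so the effect can be reviewed in the
    # sign-in logs before anything is enforced.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        # Sign-in risk levels evaluated by Identity Protection
        signInRiskLevels = @("high", "medium")
        clientAppTypes   = @("all")
        applications     = @{ includeApplications = @("All") }
        users            = @{
            includeUsers = @("All")
            # Exclude an emergency-access account so a false-positive risk
            # score can never lock administrators out (placeholder ID).
            excludeUsers = @("<break-glass-account-object-id>")
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Switching `state` to `enabled` turns the policy on; a second policy with `builtInControls = @("block")` on `userRiskLevels = @("high")` covers the "block risky user accounts" case.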

3 role levels

Azure Active Directory Identity Protection provides 3 role levels to support this:

  • Global administrator – has full access to Identity Protection, including onboarding Identity Protection
  • Security administrator – has full access to Identity Protection, but cannot onboard Identity Protection or reset user passwords
  • Security reader – has read-only access to Identity Protection. They have the same exclusions as the Security administrator and, in addition, cannot remediate users or configure policies

In future blog articles we will be taking a closer look at this important product, but in the meantime, if you have any questions on Azure Active Directory Identity Protection, please contact us.