Microsoft 365 / Azure AD – Exploring Identity Protection service – Exploring Security continues – study material for MS-500

Hi All

Greetings for the day!!!

Exploring security concepts continues… Today we will discuss – Identity Protection service in Azure AD

What is Identity Protection

• Identity protection is the service which enables us to view the security posture of any account
• With Identity Protection service we can do
  • Automate the detection and remediation of identity-based risks.
  • Investigate risks using data in the portal.
  • Export risk detection data to third-party utilities for further analysis.

Detect RISK

As per MICROSOFT Identity Protection can detect following types of RISKS

• Anonymous IP address use
• Atypical travel
• Malware linked IP address
• Unfamiliar sign-in properties
• Leaked credentials
• Password spray
• and more…

RISK signal also triggers respective remediation actions as

• Enabling Multi Factor Authentication (MFA)
• Reset users password using self-service password reset
• Block users access until admin takes any action

Navigating Identity Protection in Azure AD

• Navigate to Microsoft Entra admin center, we have detailed article to navigate Microsoft Entra admin center – Small Tips and Tricks – Microsoft Entra admin center – How to navigate – Microsoft Entra admin center
• As we are in Microsoft Entra admin center

• As in above fig – from Microsoft Entra admin center – click on “Identity Protection” section from “Protect & secure“
• As we click on “Identity Protection” we are redirecting to IdentityProtectionMenuBlade – https://entra.microsoft.com/#view/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/

Identity Protection – OVERVIEW tab – TRENDS and TILES

• On “Overview” tab of Identity Protection we have two sections
  • Trends
  • Tiles
• TRENDS
  • Provides timeline of RISKS in our organization
  • Trends for new risky user detected
  • Trends for new risky sign-ins detected

• TILES
  • Highlights the issues and respective actions to be taken
  • High risk users
  • Medium risk users
  • Unprotected risky sign-ins
  • Legacy authentication

License requirement for Identity Protection

• Azure AD Premium P2 licenses

Roles requires to access Identity Protection

• Global Administrator – full access to Identity Protection
• Security Administrator
  • Full access to Identity Protection
  • But can not reset password for user
• Security Operator
  • View all Identity Protection reports and Overview
  • Dismiss user risk, confirm safe sign-in, confirm compromise
  • Can not configure or change the policies (RISK based policies – will discuss in next article)
  • Can not reset password for user
  • Can not configure alerts
  • Can not access security sign-in reports
• Security Reader
  • View all Identity Protection reports and Overview
  • Can not configure or change the policies (RISK based policies – will discuss in next article)
  • Can not reset password for user
  • Can not configure alerts
  • Can not give feedback on detection
• Global Reader
  • Read-only access to Identity Protection

REFERENCES

• Small Tips and Tricks – Microsoft Entra admin center – How to navigate – Microsoft Entra admin center

Thanks for reading the article !! Please feel free to discuss in case any issues / suggestions / thoughts / questions !

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂