Microsoft 365 / Azure AD – Exploring Identity Protection service – Exploring Security continues – study material for MS-500

Hi All
Greetings for the day!!!
Exploring security concepts continues… Today we will discuss the Identity Protection service in Azure AD.
What is Identity Protection
- Identity Protection is the Azure AD service that evaluates the risk of every user and sign-in, so we can view the security posture of any account
- With the Identity Protection service we can:
- Automate the detection and remediation of identity-based risks
- Investigate risks using the data in the portal
- Export risk detection data to third-party utilities for further analysis
Detect RISK
As per Microsoft, Identity Protection can detect the following types of risk:
- Anonymous IP address use
- Atypical travel
- Malware-linked IP address
- Unfamiliar sign-in properties
- Leaked credentials
- Password spray
- and more…
A risk signal can also trigger a remediation action through a risk-based policy, such as:
- Requiring Multi-Factor Authentication (MFA)
- Requiring the user to reset the password using self-service password reset (SSPR)
- Blocking the user's access until an admin takes action
Navigating Identity Protection in Azure AD
- Navigate to the Microsoft Entra admin center; we have a detailed article on navigating it – Small Tips and Tricks – Microsoft Entra admin center – How to navigate – Microsoft Entra admin center
- Once we are in the Microsoft Entra admin center:

- As shown in the figure above, from the Microsoft Entra admin center click on the “Identity Protection” section under “Protect & secure“
- When we click on “Identity Protection” we are redirected to the IdentityProtectionMenuBlade – https://entra.microsoft.com/#view/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/
Identity Protection – OVERVIEW tab – TRENDS and TILES
- On “Overview” tab of Identity Protection we have two sections
- Trends
- Tiles
- TRENDS
- Provides a timeline of risks in our organization
- Trend of new risky users detected
- Trend of new risky sign-ins detected
- TILES
- Highlight the issues and the respective actions to be taken
- High risk users
- Medium risk users
- Unprotected risky sign-ins
- Legacy authentication
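The same risk data the Overview tiles and the Detect risk section describe can be pulled out of the tenant for investigation and export with the Microsoft Graph PowerShell SDK. The script below is an added example, not code from the original article or from Microsoft. It assumes the Microsoft.Graph.Identity.SignIns module is installed and that the signed-in account holds one of the roles listed later in this article (Security Reader is enough for the read calls; the remediation cmdlets at the end need Security Operator or above and the ReadWrite scope). The file names and the 7-day window are arbitrary choices.

```powershell
# Added example (not from the original article). Assumes:
#   Install-Module Microsoft.Graph.Identity.SignIns -Scope CurrentUser
# Read-only scopes are enough to mirror what the Identity Protection blades show.
$readScopes = @('IdentityRiskyUser.Read.All', 'IdentityRiskEvent.Read.All')
Connect-MgGraph -Scopes $readScopes -NoWelcome

# "High risk users" tile: users whose aggregated risk is high and still at risk
# (riskState becomes 'remediated' or 'dismissed' once the risk is closed out).
$highRiskUsers = Get-MgRiskyUser -All -Filter "riskLevel eq 'high' and riskState eq 'atRisk'"
$highRiskUsers |
    Select-Object UserPrincipalName, RiskLevel, RiskState, RiskDetail, RiskLastUpdatedDateTime |
    Format-Table -AutoSize

# Individual detections (anonymous IP, atypical travel, leaked credentials, ...)
# from the last 7 days. The date filter is applied client-side so the Graph
# call itself needs no OData date syntax; use -Filter for large tenants.
$since = (Get-Date).ToUniversalTime().AddDays(-7)
$detections = Get-MgRiskDetection -All | Where-Object { $_.DetectedDateTime -ge $since }

# Flatten the nested location object so the rows survive a CSV export to a SIEM
# or spreadsheet (the "export to third-party utilities" use case).
$export = $detections | ForEach-Object {
    [pscustomobject]@{
        DetectedUtc   = $_.DetectedDateTime
        User          = $_.UserPrincipalName
        RiskEventType = $_.RiskEventType   # e.g. anonymizedIPAddress, unfamiliarFeatures, leakedCredentials
        RiskLevel     = $_.RiskLevel
        RiskState     = $_.RiskState
        Activity      = $_.Activity        # 'signin' or 'user'
        IpAddress     = $_.IpAddress
        City          = $_.Location.City
        Country       = $_.Location.CountryOrRegion
    }
}
$export | Export-Csv -Path .\risk-detections.csv -NoTypeInformation -Encoding utf8

# Count detections per type so the loudest signal (e.g. a password spray) stands out.
$export | Group-Object RiskEventType | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# Remediation from the shell, mirroring "Confirm compromised" / "Dismiss risk" in the
# Risky users blade. Reconnect with the write scope first. Confirming compromise
# raises the user to high risk, so a user risk policy can then force the password
# change; only dismiss once the investigation has actually closed the case.
# Connect-MgGraph -Scopes 'IdentityRiskyUser.ReadWrite.All' -NoWelcome
# Confirm-MgRiskyUserCompromised -UserIds $highRiskUsers[0].Id
# Invoke-MgDismissRiskyUser -UserIds $highRiskUsers[0].Id
```

The read cmdlets return the same objects the portal renders; exporting them keeps a record outside the 30-day portal retention that a Security Operator can hand to the team doing the remediation.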
License requirement for Identity Protection
- Azure AD Premium P2 licenses (the SKU is now named Microsoft Entra ID P2)
Roles required to access Identity Protection
- Global Administrator – full access to Identity Protection
- Security Administrator
- Full access to Identity Protection
- Cannot reset a user's password
- Security Operator
- View all Identity Protection reports and the Overview
- Dismiss user risk, confirm safe sign-in, confirm compromise
- Cannot configure or change the policies (risk-based policies – will discuss in the next article)
- Cannot reset a user's password
- Cannot configure alerts
- Cannot access the security sign-in reports
- Security Reader
- View all Identity Protection reports and the Overview
- Cannot configure or change the policies (risk-based policies – will discuss in the next article)
- Cannot reset a user's password
- Cannot configure alerts
- Cannot give feedback on detections
- Global Reader
- Read-only access to Identity Protection
Thanks for reading the article!! Please feel free to discuss in case of any issues / suggestions / thoughts / questions!
HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂