Microsoft 365 / Azure AD – Exploring Identity Protection service – Exploring Security continues – study material for MS-500

fig : Microsoft Entra admin center - Identity Protection blade
fig : Microsoft Entra admin center - Identity Protection blade

Hi All

Greetings for the day!!!

Exploring security concepts continues… Today we will discuss – Identity Protection service in Azure AD

What is Identity Protection

  • Identity protection is the service which enables us to view the security posture of any account
  • With Identity Protection service we can do
    • Automate the detection and remediation of identity-based risks.
    • Investigate risks using data in the portal.
    • Export risk detection data to third-party utilities for further analysis.

Detect RISK

As per MICROSOFT Identity Protection can detect following types of RISKS

  • Anonymous IP address use
  • Atypical travel
  • Malware linked IP address
  • Unfamiliar sign-in properties
  • Leaked credentials
  • Password spray
  • and more…

RISK signal also triggers respective remediation actions as

  • Enabling Multi Factor Authentication (MFA)
  • Reset users password using self-service password reset
  • Block users access until admin takes any action

Navigating Identity Protection in Azure AD

fig : Microsoft Entra admin center - navigating - Identity Protection
fig : Microsoft Entra admin center – navigating – Identity Protection
fig : Microsoft Entra admin center - Identity Protection blade
fig : Microsoft Entra admin center – Identity Protection blade

Identity Protection – OVERVIEW tab – TRENDS and TILES

  • On “Overview” tab of Identity Protection we have two sections
    • Trends
    • Tiles
  • TRENDS
    • Provides timeline of RISKS in our organization
    • Trends for new risky user detected
    • Trends for new risky sign-ins detected
fig : Microsoft Entra admin center - Identity Protection - Trends
fig : Microsoft Entra admin center – Identity Protection – Trends
  • TILES
    • Highlights the issues and respective actions to be taken
    • High risk users
    • Medium risk users
    • Unprotected risky sign-ins
    • Legacy authentication
fig : Microsoft Entra admin center - Identity Protection - Tiles
fig : Microsoft Entra admin center – Identity Protection – Tiles

License requirement for Identity Protection

  • Azure AD Premium P2 licenses

    Roles requires to access Identity Protection

    • Global Administrator – full access to Identity Protection
    • Security Administrator
      • Full access to Identity Protection
        • But can not reset password for user
      • Security Operator
        • View all Identity Protection reports and Overview
        • Dismiss user risk, confirm safe sign-in, confirm compromise
        • Can not configure or change the policies (RISK based policies – will discuss in next article)
        • Can not reset password for user
        • Can not configure alerts
        • Can not access security sign-in reports
      • Security Reader
        • View all Identity Protection reports and Overview
        • Can not configure or change the policies (RISK based policies – will discuss in next article)
        • Can not reset password for user
        • Can not configure alerts
        • Can not give feedback on detection
      • Global Reader
        • Read-only access to Identity Protection

        REFERENCES

        Thanks for reading the article !! Please feel free to discuss in case any issues / suggestions / thoughts / questions !

        HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂

        Prasham Sabadra

        LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

        You may also like...

        This site uses Akismet to reduce spam. Learn how your comment data is processed.

        %d bloggers like this: