With ‘identities becoming the new perimeter’, especially in cloud and hybrid environments, securing user identities is a top priority for organizations. This article explains how Azure’s identity security offering, Azure AD Identity Protection, enforces continuous vigilance and security across organizations.
What is Azure AD Identity Protection?
Azure AD Identity Protection is a cloud-native identity management service provided by Microsoft as a part of their Azure Active Directory (Azure AD) offering. It leverages machine learning algorithms to help organizations protect against identity-based threats by providing them with real-time threat detection and remediation.
Apart from notifying admins of anomalous activity, Azure AD Identity Protection allows them to configure risk-based policies that automate threat response measures, such as access control and password reset. It also features a dashboard for monitoring and investigating potential security incidents.
How to set up Azure AD Identity Protection
To get Azure AD Identity Protection up and running, follow these steps:
- Log in to the Azure portal with your Azure AD administrator account.
- Go to the Azure AD Identity Protection service.
- Select “Get started” to initiate the setup process.
- Configure Azure AD Identity Protection settings, such as enabling or disabling the detection of unusual sign-ons, creating risk-based policies and setting up multi-factor authentication.
- Set up email notifications to receive alerts when a user’s account is flagged for suspicious activity.
- Customize the risk event categories and user risk scores that are relevant to your organization.
- Delegate roles and permissions to users who will be responsible for managing the service.
How can Azure AD Identity Protection thwart identity-related risks?
Azure AD Identity Protection leverages machine learning algorithms and Microsoft’s threat intelligence to perform real-time detection and mitigation of identity-based risks. The solution’s threat intelligence capabilities are acquired from Microsoft’s learnings and analyses of data received from their consumer base. Some of the risks detected by Azure Identity Protection include:
- Anonymous IP addresses
- Atypical travel
- IP address associated with malware
- Anomalous sign-in properties
- Stolen credentials
- Brute force attacks
Some of the threats that can be mitigated using Azure Identity Protection include:
- Sign-in risk detection: Azure AD Identity Protection detects risk by assessing a user’s sign-in behaviour, such as sign-ins from different locations or multiple failed logons. It can also identify sign-in attempts from known malicious IP addresses.
- User risk assessment: Azure AD Identity Protection can examine the risk level of individual users based on their deviation from baseline activity patterns, such as infrequent logins or high-risk sign-in activity. It can also detect compromised credentials or leaked credentials of a user account.
- Context-based policies: Administrators can create contextual policies based on user or sign-in risk levels, such as implementing multi-factor authentication for high-risk users or blocking sign-in attempts from risky geolocations. These policies can help automate risk mitigation.
- Remediation recommendations: Azure AD Identity Protection directs IT admins on how to mitigate identity protection risks based on their severity.
- Real-time reporting and inference: Azure AD Identity Protection provides reporting and analysis tools that help admins trace identity protection risks by giving an overview of activity logs, and that identify trends or patterns of suspicious behaviour.
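
To illustrate how risk levels drive the context-based policies described above, here is an added example (not from the original article or from Microsoft) that triages an export of risk detections per user. The field names follow the Microsoft Graph riskDetection resource; the sample records, the contoso.example accounts and the level-to-action mapping are constructed assumptions, not Microsoft defaults.

```python
import json
from collections import defaultdict

# Constructed sample export; field names follow the Microsoft Graph
# riskDetection resource (userPrincipalName, riskEventType, riskLevel, riskState).
SAMPLE_DETECTIONS = json.loads("""
[
 {"userPrincipalName": "alice@contoso.example", "riskEventType": "unlikelyTravel",
  "riskLevel": "medium", "riskState": "atRisk"},
 {"userPrincipalName": "alice@contoso.example", "riskEventType": "leakedCredentials",
  "riskLevel": "high", "riskState": "atRisk"},
 {"userPrincipalName": "bob@contoso.example", "riskEventType": "anonymizedIPAddress",
  "riskLevel": "medium", "riskState": "atRisk"},
 {"userPrincipalName": "carol@contoso.example", "riskEventType": "unfamiliarFeatures",
  "riskLevel": "low", "riskState": "remediated"},
 {"userPrincipalName": "dave@contoso.example", "riskEventType": "malwareInfectedIPAddress",
  "riskLevel": "low", "riskState": "atRisk"}
]
""")

RANK = {"low": 1, "medium": 2, "high": 3}
OPEN_STATES = {"atRisk", "confirmedCompromised"}  # still needs a response
# Assumed organisational policy, mirroring the responses the article names.
ACTIONS = {"high": "require password reset",
           "medium": "require MFA",
           "low": "monitor"}

def triage(detections):
    """Return {user: {level, events, action}}, highest-risk users first."""
    users = defaultdict(lambda: {"level": "low", "events": []})
    for d in detections:
        if d.get("riskState") not in OPEN_STATES:
            continue  # remediated or dismissed detections need no action
        level = d.get("riskLevel")
        if level not in RANK:
            level = "low"  # unrecognised level: keep the user visible at low
        entry = users[d["userPrincipalName"]]
        if RANK[level] > RANK[entry["level"]]:
            entry["level"] = level  # a user's risk is their worst open detection
        entry["events"].append(d["riskEventType"])
    for entry in users.values():
        entry["action"] = ACTIONS[entry["level"]]
    return dict(sorted(users.items(), key=lambda kv: -RANK[kv[1]["level"]]))

if __name__ == "__main__":
    for user, info in triage(SAMPLE_DETECTIONS).items():
        print(f"{user}: {info['level']} -> {info['action']} {info['events']}")
```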