With Azure Identity Protection (an Azure AD P2 feature), Azure provides the necessary precautions to protect and safeguard identities.
Some of the common risks with identities are:
- Leaked credentials
- Malware linked IP addresses
- Unfamiliar sign-in properties
- and many more.
As you can imagine, it is very difficult to manually monitor every corner of the internet to check whether our credentials have been compromised.
As a remedy, Microsoft provides the Identity Protection feature, which automatically detects identity-based risks.
Identity Protection will provide remediation using different policies. We have two main policies to support us.
User risk policy
Azure will identify user accounts that may have compromised credentials. Policies define what actions are to be performed for such accounts.
Based on the severity of the user risk, Azure will classify the riskiness as low, medium and high.
The following is the approach to configure the User risk policy:
Step 1 : Select target users
Step 2 : Select the risk level
Microsoft recommends setting the threshold to High.
Step 3 : Select the control
According to the setting in the diagram above, user access will be blocked.
Sign-in risk policy
Azure will identify suspicious sign-in attempts of users. Policies define what actions are to be performed for such accounts.
Based on the severity of the sign-in risk, Azure will classify the riskiness as low, medium and high.
The following is the approach to configure the Sign-in risk policy:
Step 1: Select target users
Step 2 : Select the risk level
Microsoft recommends setting the threshold to Medium and Above.
Step 3 : Select the control
According to the setting in the diagram above, user access will be blocked.
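The two policies above written out as data, as an added example that is not from the original post. It assumes the policies are expressed as Conditional Access policy bodies in the shape Microsoft Graph uses (`userRiskLevels`, `signInRiskLevels`, `grantControls`) rather than through the portal screens described here; the helper names, the `All` user and application targets, and the sample observations are constructed.

```python
import json

# Risk levels in ascending order, as the post lists them.
LEVELS = ["low", "medium", "high"]

def levels_at_or_above(threshold):
    """Expand a threshold ("medium" = Medium and above) into an explicit level list."""
    if threshold not in LEVELS:
        raise ValueError(f"unknown risk level: {threshold!r}")
    return LEVELS[LEVELS.index(threshold):]

def build_risk_policy(kind, threshold, include_users, control="block"):
    """Build a policy body; kind is "user" or "signIn" (hypothetical helper)."""
    if kind not in ("user", "signIn"):
        raise ValueError("kind must be 'user' or 'signIn'")
    if not include_users:
        raise ValueError("Step 1 (target users) must not be empty")
    return {
        "displayName": f"{kind} risk >= {threshold}: {control}",  # constructed name
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": list(include_users)},       # Step 1: target users
            "applications": {"includeApplications": ["All"]},     # assumption: all apps
            f"{kind}RiskLevels": levels_at_or_above(threshold),   # Step 2: risk level
        },
        "grantControls": {"operator": "OR", "builtInControls": [control]},  # Step 3
    }

def policy_applies(policy, kind, observed_level):
    """True when an observed risk level falls inside the policy's selected levels."""
    return observed_level in policy["conditions"].get(f"{kind}RiskLevels", [])

# Thresholds as stated in the post: High for user risk, Medium and above for sign-in risk.
USER_RISK_POLICY = build_risk_policy("user", "high", ["All"])
SIGNIN_RISK_POLICY = build_risk_policy("signIn", "medium", ["All"])

if __name__ == "__main__":
    print(json.dumps(USER_RISK_POLICY, indent=2))
    print(json.dumps(SIGNIN_RISK_POLICY, indent=2))
    # Constructed observations: (policy kind, risk level assigned by the service)
    samples = [("user", "medium"), ("user", "high"), ("signIn", "low"), ("signIn", "medium")]
    for kind, level in samples:
        pol = USER_RISK_POLICY if kind == "user" else SIGNIN_RISK_POLICY
        print(kind, level, "-> blocked" if policy_applies(pol, kind, level) else "-> allowed")
```

With these thresholds, a medium user risk passes while a medium sign-in risk is blocked, which is the practical difference between the two recommended settings.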
After the policies are set, administrators can refer to various reports to obtain further insights.