Info Sharing Blog

Sunday, July 12, 2020

Azure Active Directory Identity Protection #CloudScribblings

Posted by jaacostan
Azure Active Directory Identity Protection is used to:
  1. Automate the detection of identity-based risks.
  2. Investigate risks using the report data in the portal.
  3. Expose risk detection data to third-party utilities for further analysis.
  4. Automatically remediate risks.
To use the full feature set, an Azure AD Premium P2 license is required.
The tool can detect the following risk factors:
Leaked credentials - If a user's credentials are leaked, Azure AD Identity Protection can receive that intelligence and block access.
Sign-ins from anonymous IP addresses - User sign-ins that originate from an IP address identified as an anonymous proxy or VPN address.
Logins from atypical locations - A user's sign-ins occur from geographically distant locations, where at least one of the locations may also be atypical for the user. For example, the user logs in from New York and, within the next hour, another login request for the same user arrives from New Delhi (a distance that is impossible to travel in one hour).
Sign-in from unfamiliar locations - This process uses the user's prior sign-ins to detect unusual locations for new sign-ins from that user.
Sign-ins from infected devices/IP - Identifies sign-ins that happen from devices infected with malware or from malware-related IP addresses.
Sign-ins from IP addresses with suspicious activity - Identifies IP addresses from which a high number of failed sign-in attempts happen across multiple user accounts over a short period of time.
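
The atypical-location case above (New York, then New Delhi within the hour) can be sketched as a speed check between a user's consecutive sign-ins. This is an added example, not Microsoft's detection algorithm or code from the original post; the 1000 km/h threshold, the record layout and the sample sign-ins are assumptions constructed for illustration.

```python
import math
from datetime import datetime

# Assumed threshold (not from the page or Microsoft): roughly airliner speed.
MAX_PLAUSIBLE_KMH = 1000.0

# Constructed sample sign-ins: (user, UTC timestamp, city, latitude, longitude).
SAMPLE_SIGNINS = [
    ("alice", "2020-07-12T09:00:00", "New York", 40.7128, -74.0060),
    ("bob",   "2020-07-12T09:05:00", "London", 51.5074, -0.1278),
    ("alice", "2020-07-12T09:50:00", "New Delhi", 28.6139, 77.2090),
    ("bob",   "2020-07-12T12:00:00", "Paris", 48.8566, 2.3522),
    ("carol", "2020-07-12T10:00:00", "Tokyo", 35.6762, 139.6503),
    ("carol", "2020-07-12T10:00:00", "Tokyo", 35.6762, 139.6503),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    r = 6371.0  # mean Earth radius
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def find_impossible_travel(signins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, from_city, to_city, km, hours) for implausible hops."""
    alerts, last_seen = [], {}
    # ISO 8601 timestamps sort chronologically as strings.
    for user, ts, city, lat, lon in sorted(signins, key=lambda s: (s[0], s[1])):
        when = datetime.fromisoformat(ts)
        prev = last_seen.get(user)
        last_seen[user] = (when, city, lat, lon)
        if prev is None:
            continue  # first sign-in seen for this user, nothing to compare
        p_when, p_city, p_lat, p_lon = prev
        km = haversine_km(p_lat, p_lon, lat, lon)
        if km < 1:
            continue  # same place: repeated sign-ins are not travel
        hours = (when - p_when).total_seconds() / 3600
        # Distance covered in zero time, or faster than the threshold, is flagged.
        if hours == 0 or km / hours > max_kmh:
            alerts.append((user, p_city, city, round(km), round(hours, 2)))
    return alerts

if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_SIGNINS):
        print(alert)
```

A speed check alone flags legitimate VPN or proxy use as well, which is why the list above treats unfamiliar locations and anonymous IP addresses as separate signals.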