Information Technology Service Management (ITSM) Processes. 1) Service Request Management Focuses on requests and responses for the IT help-desk items. The processes should be established and uniform. To reduce the workload on agents, organization may consider implementing self service options or chat-bots. 2) Service Catalogs Generally Service Catalogs is a central location/webpage with all the details for contacting the help-desk. It may also contain the self service options and solutions for common problems/issues. 3) Knowledge,Policy and Procedures. This is the knowledge base which controls the collection, maintenance and distribution of information sharing throughout the organization. It shall include the policies, standards, guidelines and the operating procedures for each process or tasks. 4) Incident Management. Defines process on how to handle a situation when an incident happens and how to fix the situation in an accelerated and organized manner. The objective is to reduce t
Azure Active Directory Identity Protection is used to ,
The tool can detect the following risk factors,
Leaked credentials - If a user's credentials are leaked , AD Identity protection can get the intelligence and block the access.
Sign-ins from anonymous IP addresses - These are user sign-ins that are originated from an IP address that has been identified as an anonymous proxy IP address or VPN.
Logins from atypical locations - User sign-in occurs from geographically distant locations, where at least one of the locations may also be atypical for the user. For example, the user is login from New York and in the next hour another login request from New Delhi (Which is impossible to travel in one hour) for the same user.
Sign-in from unfamiliar locations - This processes uses the prior sign-ins of the user to detect unusual locations for new sign-ins from the user.
Sign-ins from infected devices/IP - Identifies any sign-ins that happens from devices infected with malware or Malware related IP Addresses.
Sign-ins from IP addresses with suspicious activity - Identifies the IP addresses from which a high number of failed sign-in attempts happens across multiple user accounts over a short period of time.
- Automate the detection of any identity-based risks.
- It can also be used to investigate any risks to using reports data in the portal
- It can be used to expose risk detection data to third-party utilities for further analysis.
- Also possible to auto remediate the risks
The tool can detect the following risk factors,
Leaked credentials - If a user's credentials are leaked , AD Identity protection can get the intelligence and block the access.
Sign-ins from anonymous IP addresses - These are user sign-ins that are originated from an IP address that has been identified as an anonymous proxy IP address or VPN.
Logins from atypical locations - User sign-in occurs from geographically distant locations, where at least one of the locations may also be atypical for the user. For example, the user is login from New York and in the next hour another login request from New Delhi (Which is impossible to travel in one hour) for the same user.
Sign-in from unfamiliar locations - This processes uses the prior sign-ins of the user to detect unusual locations for new sign-ins from the user.
Sign-ins from infected devices/IP - Identifies any sign-ins that happens from devices infected with malware or Malware related IP Addresses.
Sign-ins from IP addresses with suspicious activity - Identifies the IP addresses from which a high number of failed sign-in attempts happens across multiple user accounts over a short period of time.