Microsoft Releases Preview of Azure Active Directory Identity Protection

Microsoft today released a preview of its new Azure Active Directory Identity Protection service.

Microsoft is promising that Azure AD Identity Protection will help organizations detect compromised user accounts and flag configuration vulnerabilities. The preview is an application that can be added from the Azure Marketplace collection of apps using the Azure management portal.

This service needs to be set up by an organization's global administrator. It's available to subscribers to Microsoft's Enterprise Mobility Suite and/or the Azure Active Directory Premium service. Alternatively, the preview can be tested using a 30-day Azure Active Directory Premium trial account.

Azure AD Identity Protection is Microsoft's newest machine-learning based security solution for organizations. Microsoft earlier promised that the preview would be arriving sometime this week. The company has been working on this solution for over a year, according to Alex Simons, director of program management for the Microsoft Identity Division.

Simons described Azure AD Identity Protection as "the industry's first cloud powered, adaptive machine learning based identity protection system, one that can detect cyber-attacks, mitigate them in real time, and automatically suggest updates to your Azure AD configuration and conditional access policies to help our customers keep their enterprises safe."

This service protects against potential user identity compromises by using threat data to assign login risk scores. It uses signals data from Microsoft's applications and pulls threat information from the company's analysis centers, such as the Microsoft Digital Crimes Unit and the Microsoft Security Response Center.

Azure AD Identity Protection sends e-mail notifications to IT pros when the service detects accounts at high risk. They also get a weekly security overview. IT pros can take action when presented with a risky account. They can resolve the issue, ignore false positives, challenge the user with multifactor authentication, or compel a password reset.

Currently, the service detects six kinds of identity risks, per Microsoft's announcement:

  • Users with leaked credentials
  • Irregular sign-in activity
  • Sign-ins from possibly infected devices
  • Sign-ins from unfamiliar locations
  • Sign-ins from IP addresses with suspicious activity
  • Sign-ins from impossible travel

The "impossible travel" scenario is flagged when two sign-ins from geographically separate locations occur closer together in time than it would take to travel between them, per Microsoft's "Identity Protection Glossary." The service itself also needs time to learn. Microsoft's "Azure AD Identity Protection" documentation describes a 14-day learning period during which the system builds a profile of a new user's sign-in behavior. False positives can occur when a user signs in from a new device or through "a VPN that is typically not used by other users in the organization," according to Microsoft's documentation.
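As an added illustration, not Microsoft's code (Azure AD Identity Protection does not publish its detection algorithm), the following script runs the impossible-travel check described above over constructed sign-in records. It pairs each user's consecutive sign-ins, computes the great-circle distance between their geolocations and flags a pair whose implied speed is implausible. It also drops sign-ins from a known corporate VPN egress address before pairing, which is the allow-list a practitioner would keep to avoid the VPN false positive the documentation warns about. The users, timestamps, coordinates, IP addresses, the 900 km/h speed ceiling and the 100 km minimum distance are all assumptions made for this example.

```python
"""Impossible-travel detection over sign-in records.

Added illustration, not Microsoft's code: Azure AD Identity Protection does
not expose its algorithm, and every record, coordinate, IP address and
threshold below is constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import AbstractSet, Dict, Iterable, List

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0   # assumption: roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0           # assumption: ignore geolocation jitter inside one metro area


@dataclass(frozen=True)
class SignIn:
    user: str
    time: datetime        # naive datetime, interpreted as UTC
    lat: float
    lon: float
    ip: str


@dataclass(frozen=True)
class Finding:
    user: str
    earlier: SignIn
    later: SignIn
    distance_km: float
    hours: float
    speed_kmh: float      # float("inf") when the two sign-ins share a timestamp


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two latitude/longitude points, in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def detect_impossible_travel(
    events: Iterable[SignIn],
    known_vpn_egress: AbstractSet[str] = frozenset(),
    max_speed_kmh: float = MAX_PLAUSIBLE_SPEED_KMH,
    min_distance_km: float = MIN_DISTANCE_KM,
) -> List[Finding]:
    """Flag consecutive sign-ins by the same user whose implied speed is implausible.

    Sign-ins from known VPN egress addresses are discarded before pairing so a
    user who hops onto the corporate VPN is not reported as having teleported.
    """
    by_user: Dict[str, List[SignIn]] = defaultdict(list)
    for e in events:
        if e.ip in known_vpn_egress:
            continue
        by_user[e.user].append(e)

    findings: List[Finding] = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.time)
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < min_distance_km:
                continue                      # same metro area: not travel at all
            hours = (cur.time - prev.time).total_seconds() / 3600.0
            speed = dist / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append(Finding(user, prev, cur, dist, hours, speed))
    return findings


# Constructed sample data (not real users, addresses or events).
KNOWN_VPN_EGRESS = {"203.0.113.10"}   # documentation-range address standing in for a corporate VPN
SAMPLE_SIGNINS = [
    # alice: Seattle, then London 90 minutes later -> ~7,700 km, ~5,100 km/h -> flagged
    SignIn("alice", datetime(2016, 3, 8, 9, 0), 47.6062, -122.3321, "198.51.100.23"),
    SignIn("alice", datetime(2016, 3, 8, 10, 30), 51.5074, -0.1278, "192.0.2.77"),
    # bob: New York, then London 8 hours later -> ~5,570 km, ~700 km/h -> plausible
    SignIn("bob", datetime(2016, 3, 8, 9, 0), 40.7128, -74.0060, "198.51.100.40"),
    SignIn("bob", datetime(2016, 3, 8, 17, 0), 51.5074, -0.1278, "192.0.2.78"),
    # carol: Seattle, then the VPN egress geolocated to London 20 minutes later -> excluded
    SignIn("carol", datetime(2016, 3, 8, 9, 0), 47.6062, -122.3321, "198.51.100.51"),
    SignIn("carol", datetime(2016, 3, 8, 9, 20), 51.5074, -0.1278, "203.0.113.10"),
]


if __name__ == "__main__":
    for f in detect_impossible_travel(SAMPLE_SIGNINS, KNOWN_VPN_EGRESS):
        print(f"{f.user}: {f.distance_km:.0f} km in {f.hours:.2f} h "
              f"({f.speed_kmh:.0f} km/h) from {f.earlier.ip} to {f.later.ip}")
```

Run without the VPN allow-list and carol is reported too, which is exactly the false positive the documentation describes. A production version would also need the IP geolocation's confidence radius and the per-user learning period mentioned above, neither of which this script models.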

Organizations can set policies when using Azure AD Identity Protection. The service can be set to push messages down to end users when they are blocked. They can be asked to contact the account administrator or pass a multifactor authentication challenge to gain access, for instance.

Azure AD Identity Protection seems to be associated with other Azure security protection services, such as "Azure AD Privileged Identity Management, Cloud App Discovery, and Azure Multi-Factor Authentication," per Simons' description. Those potential service dependencies weren't explained in detail in Microsoft's announcement, and it isn't clear whether those services would have to be purchased separately.

Microsoft's documentation indicates that the Privileged ID Management service controls the security alert system. Cloud App Discovery is used to find unmanaged cloud apps. The Azure Multi-Factor Authentication service sends password alternatives to permit access, such as a "phone call, text message, or mobile app notification or verification code and 3rd party OATH tokens," according to Microsoft's documentation.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
