Microsoft Releases Preview of Azure Active Directory Identity Protection

Microsoft today released a preview of its new Azure Active Directory Identity Protection service.

Microsoft is promising that Azure AD Identity Protection will help ward off compromised user accounts and configuration vulnerabilities. The preview is an application that can be added from the Azure Marketplace collection of apps using the Azure management portal.

This service needs to be set up by an organization's global administrator. It's available to subscribers to Microsoft's Enterprise Mobility Suite and/or the Azure Active Directory Premium service. Alternatively, the preview can be tested using a 30-day Azure Active Directory Premium trial account.

Azure AD Identity Protection is Microsoft's newest machine-learning based security solution for organizations. Microsoft earlier promised that the preview would be arriving sometime this week. The company has been working on this solution for over a year, according to Alex Simons, director of program management for the Microsoft Identity Division.

Simons described Azure AD Identity Protection as "the industry's first cloud powered, adaptive machine learning based identity protection system, one that can detect cyber-attacks, mitigate them in real time, and automatically suggest updates to your Azure AD configuration and conditional access policies to help our customers keep their enterprises safe."

This service protects against potential user identity compromises by using threat data to assign login risk scores. It uses signals data from Microsoft's applications and pulls threat information from the company's analysis centers, such as the Microsoft Digital Crimes Unit and the Microsoft Security Response Center.

Azure AD Identity Protection sends e-mail notifications to IT pros when the service detects accounts at high risk. They also get a weekly security overview. IT pros can take action when presented with a risky account. They can resolve the issue, ignore false positives, challenge the user with multifactor authentication, or compel a password reset.

Currently, the service detects six kinds of identity risks, per Microsoft's announcement:

  • Users with leaked credentials
  • Irregular sign-in activity
  • Sign-ins from possibly infected devices
  • Sign-ins from unfamiliar locations
  • Sign-ins from IP addresses with suspicious activity
  • Sign-ins from impossible travel

The "impossible travel" scenario happens when logins from two geographically separate areas take place in a shorter time than it would take to travel between those areas, per Microsoft's "Identity Protection Glossary." However, there's a bit of a learning curve involved for the service. Microsoft's "Azure AD Identity Protection" documentation explains that there's a 14-day learning period for the system to recognize the sign-in behavior of a new user. False positives could occur if a new device is used or if the user accesses "a VPN that is typically not used by other users in the organization," according to Microsoft's documentation.
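As an added illustration of the rule described above (example code written for this page, not Microsoft's implementation or anything from the article), the check below orders each user's sign-ins by time, computes the great-circle distance between consecutive pairs, and flags any pair whose implied speed exceeds a threshold. The 900 km/h threshold, the 1 km "same site" tolerance and the sample sign-ins are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed threshold, not from Microsoft's documentation: anything faster
# than a commercial jet between two sign-ins is treated as impossible.
MAX_PLAUSIBLE_KMH = 900.0

@dataclass
class SignIn:
    user: str
    when: datetime  # timezone-aware UTC timestamp
    lat: float
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Compare each user's consecutive sign-ins in time order; return
    (user, earlier, later, km, hours) for pairs faster than max_kmh."""
    by_user = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)
    flagged = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.when)
        for a, b in zip(evs, evs[1:]):
            km = haversine_km(a.lat, a.lon, b.lat, b.lon)
            hours = (b.when - a.when).total_seconds() / 3600
            if km < 1.0:  # same site (e.g. both from the office); never flag
                continue
            if hours == 0 or km / hours > max_kmh:
                flagged.append((user, a.when, b.when, round(km), round(hours, 2)))
    return flagged

# Constructed sample (not real telemetry): alice signs in from Seattle and
# two hours later from Sydney; bob moves about a kilometre across Seattle.
SAMPLE = [
    SignIn("alice", datetime(2016, 3, 1, 9, 0, tzinfo=timezone.utc), 47.61, -122.33),
    SignIn("alice", datetime(2016, 3, 1, 11, 0, tzinfo=timezone.utc), -33.87, 151.21),
    SignIn("bob", datetime(2016, 3, 1, 8, 0, tzinfo=timezone.utc), 47.61, -122.33),
    SignIn("bob", datetime(2016, 3, 1, 8, 30, tzinfo=timezone.utc), 47.62, -122.34),
]
```

Unlike Microsoft's service, this check keeps no per-user baseline of familiar locations, so it has nothing like the 14-day learning period the documentation describes and would also flag a legitimate user alternating between a distant corporate VPN egress and a home connection.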

Organizations can set policies when using Azure AD Identity Protection. The service can be set to push messages down to end users when they are blocked. They can be asked to contact the account administrator or pass a multifactor authentication challenge to gain access, for instance.

Azure AD Identity Protection seems to be associated with other Azure security protection services, such as "Azure AD Privileged Identity Management, Cloud App Discovery, and Azure Multi-Factor Authentication," per Simons' description. Those potential Azure service dependencies weren't explained in detail in Microsoft's announcement. Possibly, those services would have to be purchased separately.

Microsoft's documentation indicates that the Privileged ID Management service controls the security alert system. Cloud App Discovery is used to find unmanaged cloud apps. The Azure Multi-Factor Authentication service sends password alternatives to permit access, such as a "phone call, text message, or mobile app notification or verification code and 3rd party OATH tokens," according to Microsoft's documentation.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
