Microsoft Expands Azure Active Directory ID Protection Preview with User Risk Policy

Microsoft has improved its preview of the Azure Active Directory Identity Protection service for federated tenants and also expanded the preview to Europe.

Microsoft first rolled out a preview of the Azure AD Identity Protection service in March, but it was just available for U.S. testers. Now the service is "fully supported in Europe," Microsoft announced today. Organizations will need a subscription to the Azure AD Directory Premium service or Microsoft's Enterprise Mobility Suite to use the Azure AD Identity Protection preview.

Azure AD Identity Protection is designed as a safeguard against compromised user credentials. It uses Microsoft's machine-learning technologies to discover possibly compromised accounts, checking for six kinds of identity risks. The system produces a risk score for each user account. Based on that score, IT pros can choose to block the user or issue a multifactor authentication challenge. A multifactor authentication challenge is a secondary verification beyond the password. For instance, the user also has to verify his or her identity by responding to an instant message or a mobile phone call.

Microsoft has gradually been improving the Azure AD Identity Protection service. In June, it enabled the service to work with organizations that have set up a premises-based federation service for user authentications, such as Active Directory Federation Server (ADFS). ADFS is a Windows Server-based identity management system that works with Microsoft's datacenter-based Azure AD service. In early June, Microsoft added the ability to detect risky sign-ins for organizations with federated setups. In late June, it added role-based access controls.

Today, Microsoft also announced that its User Risk Policy is now turned on for organizations using Azure AD Identity Protection preview in federated setups, such as with ADFS or the Ping Federate solution.

User Risk Policy is another scoring component of the Azure AD Identity Protection service, alongside the Sign-In policy. The User Risk Policy taps "accumulated data" over time to assess potentially compromised accounts. For instance, it will check whether a "username and password was leaked on the web," Microsoft's announcement explained. It also checks for patterns in user logins to produce a risk score.

Organizations wanting to try out the User Risk Policy capability in the Azure AD Identity Protection preview need to have enabled the password writeback capability for a federated domain, Microsoft's announcement explained. Enabling password writeback itself comes with a number of prerequisites. Microsoft has described password writeback as "an Azure Active Directory Connect component" that "allows you to configure your cloud tenant to write passwords back to your on-premises Active Directory." Azure Active Directory Connect is Microsoft's wizard-like setup tool for connecting with Azure AD services.

So far, Microsoft has been gradually adding capabilities to the Azure AD Identity Protection service. It's not clear when the service will go live.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
