Azure Active Directory ID Protection and Privileged ID Management Services Going Live Next Week
Microsoft plans to commercially offer its Azure Active Directory Identity Protection service and its Azure Active Directory Privileged Identity Management service, starting on Sept. 15.
Both services have been available for testing at the preview stage over the last few months, but Microsoft now plans to offer commercial licensing next week, per its announcement. In addition, Microsoft plans to start selling its new Azure AD Premium P2 service on that date. Azure AD Premium P2 includes everything in the currently available Azure AD Premium service (now called "P1"), plus the new Azure AD ID Protection and Azure AD Privileged ID Management services.
This whole "P1" and "P2" name change was announced back in July when Microsoft described its new upper-tier Secure Productive Enterprise licensing, which will be coming in Q4.
Azure AD ID Protection
The two services add identity protections for organizations, but they work in different ways. Azure AD ID Protection taps Microsoft's machine-learning service to deliver risk scores, reports and alerts regarding potentially insecure user access attempts, including leaked credentials and suspicious sign-in attempts. IT pros get a dashboard view of overall "configuration and policy issues," with suggested remediation tips for those issues, according to Microsoft's announcement. It's also possible to tap Microsoft Graph APIs and get reports through various security information and event management (SIEM) software solutions. The service uses data collected by Microsoft's security analysis centers, grinding through "more than 10TB of data" per day to produce the scores.
The Azure AD ID Protection service uses six criteria to assess suspicious sign-in attempts. The service checks for leaked credentials, irregular user activity, devices thought to be infected with malware, odd access locations (including so-called "impossible travel" scenarios) and unusual activities associated with an IP address. Microsoft is able to spot a credential that has been leaked by analyzing data from 14 billion log-ins involving Microsoft accounts or Azure AD authentications, according to Alex Weinert, a group program manager for the Microsoft Identity Security and Protection team, in a Microsoft video. IT pros can set policies for the actions to take when an account is suspected to be compromised.
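As an added illustration (not Microsoft's code and not the actual Azure AD ID Protection scoring logic), the following Python sketch shows the "impossible travel" check described above and how a flagged sign-in might map to an admin-configured action; the sign-in record fields, the speed threshold and the sample records are all assumptions constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

@dataclass
class SignIn:
    """Constructed sign-in record; the fields are illustrative, not the real Azure AD schema."""
    user: str
    when: datetime
    lat: float
    lon: float
    ip: str

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumed threshold, roughly airline cruising speed

def distance_km(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance between two sign-in locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))

def impossible_travel(prev: SignIn, cur: SignIn) -> bool:
    """True when the user would have had to move faster than MAX_PLAUSIBLE_KMH."""
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    if hours <= 0:                       # same instant from two different places
        return distance_km(prev, cur) > 0
    return distance_km(prev, cur) / hours > MAX_PLAUSIBLE_KMH

def policy_action(flagged: bool, leaked_credential: bool) -> str:
    """Map risk signals to the action an admin-defined policy would take (assumed actions)."""
    if leaked_credential:
        return "block-and-force-password-reset"
    return "require-mfa" if flagged else "allow"

def evaluate(events: list[SignIn], leaked_users: set[str]) -> dict[str, str]:
    """Walk each user's sign-ins in time order and return the resulting action per user."""
    by_user: dict[str, list[SignIn]] = {}
    for e in sorted(events, key=lambda e: e.when):
        by_user.setdefault(e.user, []).append(e)
    return {u: policy_action(any(impossible_travel(p, c) for p, c in zip(h, h[1:])), u in leaked_users)
            for u, h in by_user.items()}

T0 = datetime(2016, 9, 15, 8, 0, tzinfo=timezone.utc)
SAMPLE = [  # constructed: alice signs in from Seattle, then Sydney 40 minutes later
    SignIn("alice", T0, 47.61, -122.33, "203.0.113.10"),
    SignIn("alice", T0.replace(minute=40), -33.87, 151.21, "198.51.100.7"),
    SignIn("bob", T0, 51.51, -0.13, "192.0.2.5"),           # London ...
    SignIn("bob", T0.replace(hour=10), 48.86, 2.35, "192.0.2.9"),  # ... then Paris two hours later
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, {"carol"}))  # alice -> require-mfa, bob -> allow
```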
Users access the Azure AD ID Protection service from the Azure Marketplace as an option in the Azure management portal. The service works with tenant accounts as well as with Active Directory Federation Server used on premises.
Azure AD Privileged ID Management
The Azure AD Privileged Identity Management service is designed to protect IT organizations from themselves by better limiting and controlling access privileges. It's a role-based tool that gives global administrators reports on which privileges have been allocated to IT staff, and it will suggest limitations based on the size of an organization. The service also allows access privileges to be set for specific time intervals in a "just-in-time" protective approach.
The idea of the Azure AD Privileged ID Management service is to ward off potential "elevation-of-privilege" types of attacks that could occur if an attacker is able to advance their access privileges from a compromised account. The service comes with a dashboard view, and its discovery process works across "Azure Active Directory, Office 365, Intune and other services," according to Microsoft's announcement. It also has Microsoft Graph API access and PowerShell controls.
Both services let organizations set up multifactor authentication challenges to verify users or IT staff. The multifactor authentication scheme requires a secondary means of proving identity on top of a password. Users typically have to respond to an instant message or an automated phone call, for example, before being granted access.
For organizations managing Active Directory on premises, Windows Server 2016 will have just-in-time and just-enough-access management capabilities, according to Weinert. Microsoft plans to commence Windows Server 2016 sales in October.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.