Azure Active Directory ID Protection and Privileged ID Management Services Going Live Next Week

Microsoft plans to commercially offer its Azure Active Directory Identity Protection service and its Azure Active Directory Privileged Identity Management service, starting on Sept. 15.

Both services have been available in the last few months for testing at the preview stage, but Microsoft now plans to offer commercial licensing next week, per its announcement. In addition, Microsoft plans to start selling its new Azure AD Premium P2 service on that date. The Azure AD Premium P2 service is the same thing as the currently available Azure AD Premium service (now called "P1") but the P2 version also includes the new Azure AD ID Protection and Azure AD Privileged ID Management services.

This whole "P1" and "P2" name change was announced back in July when Microsoft described its new upper-tier Secure Productive Enterprise licensing, which will be coming in Q4.

Azure AD ID Protection
The two services add identity protections for organizations, but they work in different ways. Azure AD ID Protection taps Microsoft's machine-learning service to deliver risk scores, reports and alerts regarding potentially insecure user access attempts, including leaked credentials and suspicious sign-in attempts. IT pros get a dashboard view of overall "configuration and policy issues," with suggested remediation tips for those issues, according to Microsoft's announcement. It's also possible to tap Microsoft Graph APIs and get reports through various security information and event management (SIEM) software solutions. The service uses data collected by Microsoft's security analysis centers, grinding through "more than 10TB of data" per day to produce the scores.

Six criteria are used by the Azure AD ID Protection service to assess suspicious sign-in attempts. The service checks for leaked credentials, irregular user activity, devices thought to be infected with malware, odd access locations (including so-called "impossible travel" scenarios) and unusual activities associated with an IP address. Microsoft is able to spot a credential that has been leaked by analyzing data from 14 billion log-ins involving Microsoft accounts or Azure AD authentications, according to Alex Weinert, a group program manager for the Microsoft Identity Security and Protection team, in a Microsoft video. IT pros can set policies for the actions to take when an account is suspected to be compromised.

Users access the Azure AD ID Protection service from the Azure Marketplace as an option in the Azure management portal. The service works with tenant accounts as well as with Active Directory Federation Server used on premises.

Azure AD Privileged ID Management
The Azure AD Privileged Identity Management service is designed to protect IT organizations from themselves by better limiting and controlling access privileges. It's a role-based tool that gives global administrators reports on which privileges have been allocated to IT staff, and it'll suggest limitations based on the size of an organization. The service also allows access privileges to be granted only for specific time intervals, a "just-in-time" protective approach.

The idea of the Azure AD Privileged ID Management service is to ward off potential "elevation-of-privilege" types of attacks that could occur if an attacker is able to advance their access privileges from a compromised account. The service comes with a dashboard view, and its discovery process works across "Azure Active Directory, Office 365, Intune and other services," according to Microsoft's announcement. It also has Microsoft Graph API access and PowerShell controls.

Both services let organizations set up multifactor authentication challenges to verify users or IT staff. Multifactor authentication requires a secondary means of proving identity on top of a password. Users typically have to respond to an instant message or an automated phone call, for example, before being granted access.

For organizations managing Active Directory on premises, Windows Server 2016 will have just-in-time and just-enough-access management capabilities, according to Weinert. Microsoft plans to commence Windows Server 2016 sales in October.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

