Azure Active Directory ID Protection 'Refresh' Now Available

Microsoft's enhancements to the Azure Active Directory Identity Protection service are now said to be "generally available" (GA), or ready for commercial use, per a Wednesday announcement.

Typically, Microsoft uses the GA term for its newly emerged commercial products and services. What's confusing in this case is that Azure AD Identity Protection, offered with Azure AD Premium P2 licensing, actually reached the GA stage more than three years ago. The service is supposedly refreshed now because four enhancements announced at the preview stage back in January are now feature-complete.

It's this refreshed Azure AD Identity Protection product that is now at the GA stage, although Microsoft also said it reached GA back on Nov. 4, too.

The point, apparently, is that the Azure AD Identity Protection service is really new this time around.

"This is a huge step forward across all of our UEBA [user and entity behavior analytics] capabilities with more and enhanced signals, massively improved APIs for integration with your SOC [security operations center] environments, [and] a new user interface that makes you more efficient!" said Alex Simons, corporate vice president of the Microsoft Identity Division, in the Nov. 13 announcement.

It seems to be a good summary of the so-called refreshed product.

Azure AD Identity Protection now has three APIs (Risky users APISign-ins API and Risk detections API) that were derived from the Microsoft Graph, which Microsoft has previously defined as a "cloud-backed data store" subject to artificial intelligence (AI) analysis. The APIs also can be used to share information with various security information and event management (SIEM) solutions in order to get alerts about risky sign-in behaviors.

The Azure AD Identity Protection service also now integrates with the Microsoft Cloud App Security service and the Azure Advanced Threat Protection service, permitting risk information to be shared, if organizations have the licensing.

The Azure AD Identity Protection service also now has three new detection types:

  • Azure AD Threat Intelligence: Shows compromises detected by Microsoft's security team.
  • Malicious IP Address: Detects sign-ins associated with malicious IP addresses.
  • Admin Confirmed User Compromised: Shows the risky users that were confirmed by IT administrators.

Other detection capabilities of the service that aren't new are anonymous IP address sign-ins, sign-ins associated with "atypical travel" (or being in two locations at a similar time), sign-ins from malware-linked IP addresses and unfamiliar sign-ins.

Microsoft also claims to have improved the risk detection capabilities of the Azure AD Identity Protection service. It provides advanced reports on "risky users, risky sign-ins and risk detections," the announcement explained.

The Azure AD Identity Protection is accessed using the Azure Portal, where the refreshed experience likely is already available for Azure AD Premium P2 subscribers.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Warns SameSite Cookie Changes Could Break Some Apps

    IT pros could face Web application issues as early as next month with the implementation of a coming SameSite Web change, which will affect how cookies are used across sites.

  • Populating a SharePoint Document Library by E-Mail, Part 1

    While Microsoft doesn't allow you to build a SharePoint Online document library using e-mail, there is a roundabout way of getting the job done using the tools that are included with Office 365. Brien shows you how.

  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.