{"id":825,"date":"2022-05-05T20:03:45","date_gmt":"2022-05-05T20:03:45","guid":{"rendered":"https:\/\/www.spktechfit.com\/?p=825"},"modified":"2022-05-05T20:03:45","modified_gmt":"2022-05-05T20:03:45","slug":"12-managing-azure-ad-protection","status":"publish","type":"post","link":"https:\/\/www.spktechfit.com\/?p=825","title":{"rendered":"12. Managing Azure AD Protection"},"content":{"rendered":"<h2>Understanding Azure Identity Protection with User and Sign-in Risk policies<\/h2>\n<h3>Azure Identity Protection helps with the following tasks:<\/h3>\n<ul>\n<li>Automate the detection and remediation of identity-based risks (compromised accounts, phishing attacks, etc.)<\/li>\n<li>Investigate risks using easy-to-find data<\/li>\n<li>Export risk data to third-party tools for further analysis<\/li>\n<\/ul>\n<h3>Identity Risk Detection Engines:<\/h3>\n<ul>\n<li><b>Heuristics<\/b>: the system monitors how the user uses the systems (when they usually log on, from where, on which device, etc.) and uses <b>Machine Learning<\/b> to make decisions based on this information<\/li>\n<li><b>Microsoft Partner Products: <\/b>These are third-party security products that can interface with Microsoft to detect security issues<\/li>\n<\/ul>\n<h3>Risk Types<\/h3>\n<ul>\n<li><b>User Risk: <\/b>probability that a user identity has been compromised<\/li>\n<li><b>Sign-in Risk: <\/b>probability that a sign-in is compromised<br \/>\n&#8211; Real Time (decision made in real time)<br \/>\n&#8211; Aggregate (decision based on both real-time and non-real-time information)<\/li>\n<\/ul>\n<h3>Risk Detection<\/h3>\n<ul>\n<li>Atypical travel (a user logs on in NYC, then 5 mins later logs on in LA)<\/li>\n<li>Anonymous IP address<\/li>\n<li>Unfamiliar sign-in properties<\/li>\n<li>Malware-linked IP address<\/li>\n<li>Leaked credentials<\/li>\n<li>Azure AD Threat Intelligence<\/li>\n<\/ul>\n<h3>Risk Investigation:<\/h3>\n<ul>\n<li>Risky Users<\/li>\n<li>Risky Sign-ins<\/li>\n<li>Risk 
Detections<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Enabling &amp; Monitoring Azure AD Identity Protection User &amp; Sign-in Risk Policies<\/h2>\n<p><b>Looks like you need Premium 2 Licences for these features<\/b><\/p>\n<h3>Configuring User Risk Policy<\/h3>\n<ol>\n<li>Go to Azure Portal -&gt; Azure AD Identity Protection -&gt; User Risk policy<\/li>\n<li>Assignments: set the users you want the policy to apply to<\/li>\n<li>Conditions: set the risk level (low, medium or high) that triggers the policy. The level is calculated by an algorithm Microsoft has created.<\/li>\n<li>Access: Block or Allow (with the option of forcing a password change)<\/li>\n<\/ol>\n<h3>Configuring Sign-in Risk Policy<\/h3>\n<ol>\n<li>Go to Azure Portal -&gt; Azure AD Identity Protection -&gt; Sign-in Risk policy<\/li>\n<li>Assignments: set the users you want the policy to apply to<\/li>\n<li>Conditions: set the risk level (low, medium or high) that triggers the policy. The level is calculated by an algorithm Microsoft has created.<\/li>\n<li>Access: Block or Allow (with the option of forcing MFA)<\/li>\n<\/ol>\n<h3>Reports<\/h3>\n<p>You can access the reports for these policies on the same page.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Understanding Azure Identity Protection with User and Sign-in Risk policies Azure Identity Protection helps with the following tasks: Automate the detection and remediation of identity-based risks (compromised accounts, phishing attacks, etc.) Investigate risks using easy-to-find data Export risk data to third-party tools for further analysis Identity Risk Detection Engines: Heuristics: 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,12,3],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/825"}],"collection":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=825"}],"version-history":[{"count":2,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/825\/revisions"}],"predecessor-version":[{"id":827,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=\/wp\/v2\/posts\/825\/revisions\/827"}],"wp:attachment":[{"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spktechfit.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}