searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
February 15, 2019
Share

Azure AD Identity Protection now revolves around risky users and risky sign-ins

Launched in September 2018, Microsoft Threat Protection (MTP) integrates a number of Microsoft services to provide a fully integrated, end-to-end solution for securing the entire attack surface of enterprises: identities, endpoints, user data, cloud apps, and infrastructure.

Azure AD Identity Protection

Since MTP’s launch, Microsoft has slowly been polishing the offering by adding new and improved features such as an updated Azure Security Center, new automation capabilities, and new tools for enterprise security and compliance teams.

Latest improvements

The latest enhancements are to Azure AD Identity Protection and include:

  • A more intuitive user experience
  • APIs for integrating risk data with ticketing, analysis or SIEM systems
  • Improved risk assessment
  • A service-wide alignment across risky users and risky sign-ins.

To improve the user experience, there’s a new Security Overview dashboard that shows user and sign-in risk trends, a new Risky user report that gives better insight into at-risk users, and a new Risky sign-ins report.

Azure AD Identity Protection

Both of those reports allow administrators to improve the detection accuracy, either by:

  • Marking whether a sign-in is safe or compromised
  • Dismissing user risk if they believe it to be a false positive or if they’ve already taken remediation actions (e.g., password reset).

The data that can be viewed through the aforementioned dashboard and reports can also be routed directly to ticketing, alerting and SIEM systems via the new Risky users API and Sign-ins API.

Finally, user risk and sign-in risk assessment has been improved via supervised machine learning advancements, making it easier to prioritize sign-in investigations and making the company’s user risk policy more effective at automatically blocking or remediating risky users.

Alex Simons, Corporate VP of Program Management for Microsoft’s Identity Division, says that the Identity Protection refresh is the result of carefully listening to customers.

“We learned that two entities—risky users and risky sign-ins—are most relevant to IT admins for identity compromise. So, we designed the refreshed Identity Protection entirely around these two entities,” he noted.

More about
  • Azure AD Identity Protection
  • enterprise
  • identity protection
  • Microsoft
  • security
  • sign-in risk
  • user risk
Share this

Featured news

  • Fake ChatGPT for Google extension hijacks Facebook accounts
  • A common user mistake can lead to compromised Okta login credentials
  • A closer look at TSA’s new cybersecurity requirements for aviation
How to protect online privacy in the age of pixel trackers

Sponsored

Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice

Security in the cloud with more automation

CISOs struggle with stress and limited resources

How to scale cybersecurity for your business

Don't miss

Fake ChatGPT for Google extension hijacks Facebook accounts

A common user mistake can lead to compromised Okta login credentials

A closer look at TSA’s new cybersecurity requirements for aviation

Best practices to secure digital identities

These 15 European startups are set to take the cybersecurity world by storm

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us