Four major Azure AD Identity Protection enhancements are now in public preview

January 30, 2019 Chris Spanougakis

More and more enhancements related to Identity Protection have been announced today! So let’s see all of them:

  • Improved user interface that now includes security insights and the ability to filter and create reports
  • New APIs that allow you to route all this monitored data into your own ticketing systems
  • Improved risk assessment, giving you a better risk analysis
  • Service-wide alignment around risky users and risky sign-ins, because we know that very often it’s the user that causes the problem.

All these new features are available to customers with an Azure AD Premium P2 subscription.

New user interface

1. Security Overview

This new view provides user and sign-in risk trends, giving you a better idea of possible attacks. Take a look at the tiles on the right side: they give you valuable information telling you what to do.


Risky User Report

A really great tool, because it immediately gives you all the information you need about your users and lets you take corrective action. What I really liked is the Risk events not linked to a sign-in tab: it shows you detections not tied to a sign-in. For instance, the user may have reused their credentials at another site that was compromised.


And let’s see something new: The Risky sign-ins report gives you a single, integrated view to see basic sign-in info, risk, device, Multi-Factor Authentication (MFA), and policy information.


Smart feedback lets you protect your users by acting upon the risk assessment. If you conclude sign-ins were compromised, you can select these sign-ins and click Confirm compromised. Alternatively, you can click Confirm safe.


Powerful APIs

All the data you access through the new UX is available to you via the MS-Graph APIs. You can programmatically route Identity Protection data into your SIEM, storage, ticketing, or alerting system through the following APIs.

And let’s talk about the improved risk assessment feature, which practically has two options. The aggregate sign-in risk, which is new, considers all the malicious activity detected on a sign-in. It includes real-time detections (detections that trigger during the sign-in), non-real-time detections (detections that trigger minutes after the sign-in), detections made by partner security products, and other features of a sign-in.

The other option is the improved User-risk detection, using advanced machine-learning technology to automatically deal with risky users.

It seems that risky sign-ins and risky users are the most important part of Identity Protection, so it’s redesigned based on these two entities.
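To make the "Powerful APIs" point concrete, here is an added example (not from the original post or from Microsoft) of turning risk detections pulled from Microsoft Graph into one ticket per user for a SIEM or ticketing queue. The field names follow Graph's riskDetection resource, which this post does not list, so treat them as an assumption; the records are constructed, and `to_tickets` and its output fields are hypothetical names. Authentication and the HTTP call are left out.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like one page of a Graph riskDetections response.
SAMPLE_PAGE = json.loads("""{"value": [
 {"id": "d1", "userPrincipalName": "alice@example.com", "riskLevel": "high",
  "riskState": "atRisk", "riskEventType": "leakedCredentials", "activity": "user",
  "detectionTimingType": "offline", "detectedDateTime": "2019-01-30T08:00:00Z"},
 {"id": "d2", "userPrincipalName": "alice@example.com", "riskLevel": "medium",
  "riskState": "atRisk", "riskEventType": "unfamiliarFeatures", "activity": "signin",
  "detectionTimingType": "realtime", "detectedDateTime": "2019-01-30T09:15:00Z"},
 {"id": "d3", "userPrincipalName": "bob@example.com", "riskLevel": "low",
  "riskState": "atRisk", "riskEventType": "anonymizedIPAddress", "activity": "signin",
  "detectionTimingType": "realtime", "detectedDateTime": "2019-01-30T09:20:00Z"},
 {"id": "d4", "userPrincipalName": "carol@example.com", "riskLevel": "high",
  "riskState": "confirmedSafe", "riskEventType": "unfamiliarFeatures", "activity": "signin",
  "detectionTimingType": "realtime", "detectedDateTime": "2019-01-30T10:00:00Z"},
 {"id": "d5", "userPrincipalName": "dave@example.com", "riskLevel": "medium",
  "riskState": "confirmedCompromised", "riskEventType": "maliciousIPAddress", "activity": "signin",
  "detectionTimingType": "offline", "detectedDateTime": "2019-01-30T11:30:00Z"}
]}""")

SEVERITY = {"low": 1, "medium": 2, "high": 3}
CLOSED = {"confirmedSafe", "remediated", "dismissed"}  # already triaged, no ticket

def to_tickets(page, min_level="medium"):
    """Collapse open detections into one ticket per user (hypothetical ticket shape)."""
    by_user = defaultdict(list)
    for det in page.get("value", []):
        level = SEVERITY.get(det.get("riskLevel"), 0)  # hidden/none rank below low
        if det.get("riskState") not in CLOSED and level >= SEVERITY[min_level]:
            by_user[det["userPrincipalName"]].append(det)
    return [{
        "user": upn,
        "severity": max((d["riskLevel"] for d in dets), key=SEVERITY.get),
        "detections": sorted(d["riskEventType"] for d in dets),
        # Detections raised on the user rather than on a specific sign-in
        "not_linked_to_sign_in": [d["id"] for d in dets if d.get("activity") == "user"],
        "realtime": any(d.get("detectionTimingType") == "realtime" for d in dets),
        "first_seen": min(d["detectedDateTime"] for d in dets),
    } for upn, dets in sorted(by_user.items())]

if __name__ == "__main__":
    print(json.dumps(to_tickets(SAMPLE_PAGE), indent=2))
```

Sign-ins already marked Confirm safe produce no ticket, while those marked Confirm compromised stay open so the ticket can track remediation.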


Thanks for your time!
