Microsoft Azure Active Directory has become a backbone for many cloud services. As Identity is a key for technology landscape similarly protection is also most important for digital world. To enable this service, Microsoft Azure AD Premium P2 offers identity protection. It detects potential vulnerabilities and actions can be defined in two ways either automatic or can be taken based on suspicions incidents.
In conversations, it looks very easy when you listen explanation from Technical sales representative but it is not that easy. Microsoft Azure AD uses machine learning and heuristics to detect irregularities and suspicious incidents that helps to identify potentially compromised identities. It does not provide protection only to privileged account but covers all the identities. Therefore, a huge data can be collected to generate reports and to perform analysis that helps to identify ambiguities in the system and potential vulnerabilities. Mitigation and remediation actions can be defined based on the detected issues by using risk-based policies. These policies are add-on to the conditional access provided by Azure AD and EMS, it can take either block the suspicious identities or initiate a remediation actions including password reset and MFA enforcement.
Here are the capabilities provided identity protection:
| Detecting vulnerabilities and risky accounts | Investigating risk events | Risk-based conditional access policies |
|
|
|
|
|
|
|
|
|
|
|
Courtesy: Microsoft Azure Documentation
In many organizations, identity protection comes under security or risk management team. Therefore, it is more practical to have role based access control to manage these kinds of services. However, if identity management team itself take care of identity protection, still to define RBAC make sense because it makes administrators accountable and responsible. Azure AD identity protection provides three types of role to manage it.
| Role | Can do | Cannot do |
| Global administrator | Full access to Identity Protection, Onboard Identity Protection | |
| Security administrator | Full access to Identity Protection | Onboard Identity Protection, reset passwords for a user |
| Security reader | Read-only access to Identity Protection | Onboard Identity Protection, remidiate users, configure policies, reset passwords |
Courtesy: Microsoft Azure Documentation
Let see how to enable it. Before proceeding it further, make sure you have Azure AD Premium P2 enabled for your tenant.
Login to the https://aad.portal.azure.com and go to the More services.
In more services, select Azure AD Identity Protection.
In Azure AD Identity Protection – Getting started page, select “Onboard”
In this panel, make sure you have right directory selected and then click on create.
Once it is enable, you can see the analysis.
If you want to explore more to review the permanent admin roles, go to the overview and click on “Identify users who are assigned to permanent admin role” to configure Privileged identity management.
In the configure premium extensions panel, select “Configure PIM”
You need MFA to configure PIM. If you are enabled for MFA, click on verify my identity. It will redirect to you to configure MFA.
Once MFA has been configured successfully, you can see the status as below. Now click on Sign up.
In sign up window, select yes to sign up for Privileged Identity Mangement.
Once, configuration and discovery completes you can verify your roles.
To verify all the users who have PIM roles assigned or to add any other user to manage PIM, select Roles under Manage.
InsideMSTech 