#AzureAD : Identity Protection Part II


In Part I of this blog post, I explained the concept of Azure AD Identity Protection and how to set it up. In this part, I’ll cover Azure AD Identity Protection configuration. There are three major sections under Configure: “MFA registration”, “User risk policy” and “Sign-in risk policy”.

Under all these configuration options, you will find 5 parameters.

Policy Name: Predefined

Assignments: Users and Conditions (not for MFA)

Controls: Access control

Review: Estimated impact

Enforce Policy: On/Off

Let’s see how to configure MFA registration.

Under assignments, select the users. You have three options: (i) select all users, (ii) select specific users and groups, or (iii) select all users and exclude specific users.

Under controls, define access registration.

Under review, look at the estimated impact.

Now, finally enforce the policy and click on save.

Next, let’s see how to configure the user risk policy.

Under assignments, first select the users. You have three options: (i) select all users, (ii) select specific users and groups, or (iii) select all users and exclude specific users.

Now define the conditions when the policy should apply.

Under controls, define access control by accessing user risk.

Under review, look at the estimated impact.

Now, finally enforce the policy and click on save.

Finally, let’s see how to configure the sign-in risk policy.

Under assignments, first select the users. You have three options: (i) select all users, (ii) select specific users and groups, or (iii) select all users and exclude specific users.

Now define the conditions when the policy should apply.

Under controls, define access control by accessing sign-in risk.

Under review, look at the estimated impact.

Now, finally enforce the policy and click on save.

I have just shown an example of how to configure these settings. You should configure these settings based on your requirements.
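The user risk and sign-in risk steps above (assignments, conditions, controls, review, enforce) can also be written down as a policy document. This added example, which is not from the original post, builds the request body of a Microsoft Graph conditional access policy, a different mechanism from the Identity Protection blade shown here, and refuses an "all users" assignment that has no exclusion. The risk levels, the chosen controls, the placeholder account id and the use of report-only state as a stand-in for the review step are assumptions.

```python
import json

# Constructed placeholder: object id of an emergency-access account.
BREAK_GLASS_ID = "00000000-0000-0000-0000-000000000000"


def risk_policy(kind, levels, include=("All",), exclude=(), enforce=False):
    """Return a conditionalAccessPolicy body for a user or sign-in risk policy.

    kind is "signIn" or "user"; levels is a non-empty subset of low/medium/high.
    """
    if kind not in ("signIn", "user"):
        raise ValueError("kind must be 'signIn' or 'user'")
    bad = set(levels) - {"low", "medium", "high"}
    if bad or not levels:
        raise ValueError(f"need at least one valid risk level, rejected: {sorted(bad)}")
    if "All" in include and not exclude:
        # Assignment option (iii): all users minus an emergency account, so a
        # false positive on risk cannot lock every administrator out.
        raise ValueError("exclude at least one emergency-access account")
    if kind == "signIn":
        level_key = "signInRiskLevels"
        controls = {"operator": "OR", "builtInControls": ["mfa"]}
    else:
        # A password change control has to be combined with MFA using AND.
        level_key = "userRiskLevels"
        controls = {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}
    return {
        "displayName": f"{kind} risk policy (example)",
        # Report-only logs what the policy would do without applying it.
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": list(include), "excludeUsers": list(exclude)},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
            level_key: list(levels),
        },
        "grantControls": controls,
    }


if __name__ == "__main__":
    body = risk_policy("signIn", ["medium", "high"], exclude=[BREAK_GLASS_ID])
    print(json.dumps(body, indent=2))
```

The printed JSON is the body that would be sent to the Graph `identity/conditionalAccess/policies` endpoint; nothing in the block contacts a tenant.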
