In Part I of this blog post, I explained the concept of Azure AD Identity Protection and how to set it up. In this part, I will cover Azure AD Identity Protection configuration. There are three major sections under Configure: “MFA registration”, “User risk policy” and “Sign-in risk policy”.
Under each of these configuration options, you will find five parameters:
Policy Name: Predefined
Assignments: Users and Conditions (not for MFA)
Controls: Access control
Review: Estimated impact
Enforce Policy: On/Off
Let's see how to configure MFA registration.
Under assignments, select the users. You have three options: (i) select all users, (ii) select specific users and groups, or (iii) select all users and exclude specific users.
Under controls, define the access control for MFA registration.
Under review, look at the estimated impact.
Finally, enforce the policy and click Save.
Next, let's see how to configure the user risk policy.
Under assignments, first select the users. You have three options: (i) select all users, (ii) select specific users and groups, or (iii) select all users and exclude specific users.
Now define the conditions under which the policy should apply.
Under controls, define the access control based on the assessed user risk.
Under review, look at the estimated impact.
Finally, enforce the policy and click Save.
Finally, let's see how to configure the sign-in risk policy.
Under assignments, first select the users. You have three options: (i) select all users, (ii) select specific users and groups, or (iii) select all users and exclude specific users.
Now define the conditions under which the policy should apply.
Under controls, define the access control based on the assessed sign-in risk.
Under review, look at the estimated impact.
Finally, enforce the policy and click Save.
I have just shown one example of how to configure these settings; configure them based on your own requirements.
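The same five parameters (assignment, condition, control, enforce) can be expressed as a Microsoft Graph Conditional Access policy body, which is how the user risk and sign-in risk policies above are created outside the portal. The following is an added example, not code from the original post or from Microsoft; it assumes the body is sent with POST to https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies, and the helper name and the placeholder object id are mine.

```python
import json

ALLOWED_LEVELS = ["low", "medium", "high"]          # portal picker: "<level> and above"
ALLOWED_CONTROLS = {"block", "mfa", "passwordChange"}  # Graph builtInControls used here


def build_risk_policy(name, risk_type, min_level, control, enforce,
                      include_users=None, include_groups=None, exclude_users=None):
    """Map the post's policy parameters onto a Graph conditionalAccessPolicy dict.

    risk_type is "user" or "signIn"; min_level is the lowest risk level that
    triggers the policy; include_users/include_groups None means all users.
    """
    if risk_type not in ("user", "signIn"):
        raise ValueError("risk_type must be 'user' or 'signIn'")
    if min_level not in ALLOWED_LEVELS or control not in ALLOWED_CONTROLS:
        raise ValueError("unknown risk level or control")
    if control == "passwordChange" and risk_type != "user":
        raise ValueError("password change is a user-risk control, not a sign-in-risk one")

    # Condition: "<min_level> and above" selects every level at or above it.
    levels = ALLOWED_LEVELS[ALLOWED_LEVELS.index(min_level):]

    # Assignment options (i)/(iii): all users; option (ii): specific users and groups.
    if include_users or include_groups:
        users = {"includeUsers": list(include_users or []),
                 "includeGroups": list(include_groups or [])}
    else:
        users = {"includeUsers": ["All"]}
    if exclude_users:  # option (iii): all users minus the listed object ids
        if users["includeUsers"] != ["All"]:
            raise ValueError("exclusions apply to the 'all users' assignment only")
        users["excludeUsers"] = list(exclude_users)

    # Control: Graph requires a password-change grant to be combined with MFA.
    grant = {"operator": "OR", "builtInControls": [control]}
    if control == "passwordChange":
        grant = {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}

    return {
        "displayName": name,
        # Enforce Policy On/Off; Graph also offers "enabledForReportingButNotEnforced".
        "state": "enabled" if enforce else "disabled",
        "conditions": {"users": users,
                       "applications": {"includeApplications": ["All"]},
                       risk_type + "RiskLevels": levels},
        "grantControls": grant,
    }


if __name__ == "__main__":
    policy = build_risk_policy("Sign-in risk: require MFA", "signIn", "medium", "mfa",
                               enforce=False, exclude_users=["<excluded-user-object-id>"])
    print(json.dumps(policy, indent=2))
```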