Part I and Part II of this blog post cover the basics of Identity Protection and how to enable and configure it. In this post, I’ll cover the remaining part of Identity Protection. Once you have enabled Identity Protection and configured it successfully, monitoring, investigation and reporting become a crucial part of information risk management. The Azure AD portal meets this need through a single control panel.
For investigation, the users flagged for risk, risk events and vulnerabilities can be found under “INVESTIGATE”.
You can view or download the report and change the user risk policy configuration through the “User flagged for risk” panel.
Risk events for the last 90 days can be seen under risk events, and the same report can be downloaded as well. If you have a list of known IP address ranges, you can define them so that the report doesn’t reflect trusted IP ranges. To add IP address ranges, select “+ Add known IP address ranges”.
In the configure locations panel, select “+New location” and then define the name and IP ranges. You can also upload and download the IP ranges.
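As an added example (not part of the original post and not Microsoft's tooling), the same known-range filtering can be applied offline to a downloaded risk events report. The CSV column names, sample rows and CIDR ranges below are constructed assumptions, not the portal's export schema.

```python
import csv
import io
import ipaddress

# Constructed sample data; the column names are assumptions, not the
# portal's documented export schema.
SAMPLE_REPORT = """user,risk_event_type,ip_address
alice@example.com,Sign-in from unfamiliar location,203.0.113.45
bob@example.com,Sign-in from anonymous IP address,198.51.100.7
carol@example.com,Impossible travel,192.0.2.130
dave@example.com,Sign-in from unfamiliar location,not-an-ip
"""

# Constructed known ranges (documentation address space).
KNOWN_RANGES = ["203.0.113.0/24", "192.0.2.128/25"]


def parse_ranges(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs]


def split_events(report_text, cidrs):
    """Return (trusted, untrusted, unparsable) lists of event rows."""
    networks = parse_ranges(cidrs)
    trusted, untrusted, unparsable = [], [], []
    for row in csv.DictReader(io.StringIO(report_text)):
        try:
            addr = ipaddress.ip_address(row["ip_address"].strip())
        except ValueError:
            # Keep malformed rows visible instead of silently dropping them.
            unparsable.append(row)
            continue
        # Membership across IP versions is False, so mixed v4/v6 is safe.
        if any(addr in net for net in networks):
            trusted.append(row)
        else:
            untrusted.append(row)
    return trusted, untrusted, unparsable


if __name__ == "__main__":
    trusted, untrusted, unparsable = split_events(SAMPLE_REPORT, KNOWN_RANGES)
    for row in untrusted + unparsable:
        print(row["user"], row["risk_event_type"], row["ip_address"])
```

Rows with an unparsable address are returned separately so they still get reviewed, and a range written with host bits set (for example `203.0.113.5/24`) is rejected before it can widen the trusted set by mistake.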
You can also configure MFA trusted IPs by selecting “…More” in the configure locations panel.
You can check the vulnerabilities and their risk in the vulnerabilities panel and fix them based on your organization's supported risk level.
You can also set up alerts and weekly digests through email.
To set up the alerts, go to the alerts section under settings and configure the alert settings based on user risk level.
To set up a weekly digest, go to the weekly digest section and enable or disable it.
If you would like to pin Azure AD Identity Protection to the dashboard, select “Pin to dashboard”. In the Pin to dashboard panel, select “Pin to dashboard” and click on create.
Now you can see Azure AD Identity Protection on the dashboard for easier access.