Azure AD Identity Protection

Azure AD Identity Protection introduces automatic, risk-based, conditional access to help protect users against suspicious logins and compromised credentials. Azure AD Identity Protection also offers insight into, and a consolidated view of, threat detection based on machine learning. Furthermore, the service delivers an important level of remediation recommendations, as well as performing compromise risk calculations about a user and their session. The service requires an Azure AD Premium P2 or equivalent licensing.

You will get the following capabilities from this service:

  • Detection: Vulnerabilities and risky accounts are detected by:
    • Highlighting vulnerabilities and providing custom recommendations
    • Calculating sign-in and user risk levels
  • Investigation: Risk events are investigated and solved by:
    • Notifications
    • The provision of relevant and contextual information
    • Basic workflows used in tracking
    • Easy access to remediation actions (for example, a password reset)
  • Risk-based conditional access: It includes:
    • Risk mitigation, such as blocking sign-ins or requesting multi-factor authentication
    • Blocking or securing risky user accounts
    • Asking users to register for Azure MFA

To get a greater understanding of this service, we need to start configuring it. So, log in as a global administrator to https://portal.azure.com and complete the following steps:

  1. Go to the Azure AD Identity Protection tab or use the Search option to search for the service
  2. Start the on-boarding process by visiting the onboard menu under Settings and clicking Create at the bottom of the page, as shown in the following screenshot. Follow the process and finish on-boarding:

Azure AD Identity Protection wizard
  3. Now jump directly into the Overview section, as shown in the following screenshot:

Azure AD Identity Protection portal overview
  4. The portal will present you with the relevant risks facing your environment, such as:
    • Users who are not enrolled with Azure MFA
    • Azure AD or Azure resource roles that don't require Azure MFA
    • The assignment of too many global administrator roles
  5. Now, configure your first scenario with one of your users by using the following source: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/quickstart-sign-in-risk-policy
  6. Next, configure the alerts and weekly digest settings for information about the activities in and against your environment
  7. After the service is enabled, you can test the functionality of Azure AD Identity Protection with the existing playbook, which is available at: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/playbook.

As you can see, running Azure AD Identity Protection doesn't require a lengthy configuration task. However, we do recommend that you run your tests based on the provided playbook and get as much experience as possible:

Identity Secure Score information

As shown in the preceding screenshot, the Identity Secure Score provides you with information on your identity security position and how it can be improved. The service will recommend activating certain security features and following specific recommendations, for example:

    • Enabling Azure MFA for Azure AD privileged roles
    • Enabling self-service password reset
    • Enabling sign-in and user risk policies
    • Not allowing the expiration of passwords, or turning on password hash sync if you are in a hybrid configuration
    • Ensuring all users are enrolled to Azure MFA
    • Not using more than five global administrators
    • Disabling accounts that have not been used in the last 30 days
    • Blocking legacy authentication
    • Not allowing users to grant consent to unmanaged applications
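
Four of the recommendations above (MFA for privileged roles, MFA enrollment for all users, no more than five global administrators, and accounts unused for 30 days) can also be checked offline against a user export. The following is an added example, not code from the book or from Microsoft; the record fields (`upn`, `roles`, `mfa_registered`, `enabled`, `last_sign_in`) and the sample tenant data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_GLOBAL_ADMINS = 5   # "Not using more than five global administrators"
STALE_AFTER_DAYS = 30   # "accounts that have not been used in the last 30 days"

def audit_identities(users, now):
    """Check a user export against four recommendations from the list above.

    Each user is a dict with hypothetical keys: upn, roles (list of role
    names), mfa_registered (bool), enabled (bool) and last_sign_in
    (timezone-aware datetime, or None if the account never signed in).
    """
    cutoff = now - timedelta(days=STALE_AFTER_DAYS)
    enabled = [u for u in users if u["enabled"]]   # disabled accounts are out of scope
    admins = [u for u in enabled if "Global Administrator" in u["roles"]]
    return {
        "privileged_without_mfa": sorted(
            u["upn"] for u in enabled if u["roles"] and not u["mfa_registered"]),
        "users_without_mfa": sorted(
            u["upn"] for u in enabled if not u["mfa_registered"]),
        # Accounts that never signed in (last_sign_in is None) count as stale.
        "stale_enabled_accounts": sorted(
            u["upn"] for u in enabled
            if u["last_sign_in"] is None or u["last_sign_in"] < cutoff),
        "excess_global_admins": max(0, len(admins) - MAX_GLOBAL_ADMINS),
    }

def make_user(upn, roles=(), mfa=True, enabled=True, days_ago=1):
    """Build one constructed record; days_ago=None means 'never signed in'."""
    last = None if days_ago is None else NOW - timedelta(days=days_ago)
    return {"upn": upn, "roles": list(roles), "mfa_registered": mfa,
            "enabled": enabled, "last_sign_in": last}

# Constructed sample data, not taken from any real tenant.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
SAMPLE = (
    [make_user(f"ga{i}@contoso.example", ["Global Administrator"]) for i in range(1, 7)]
    + [make_user("helpdesk@contoso.example", ["Helpdesk Administrator"], mfa=False),
       make_user("alice@contoso.example", mfa=False, days_ago=3),
       make_user("bob@contoso.example", days_ago=45),
       make_user("svc-old@contoso.example", days_ago=None),
       make_user("left@contoso.example", mfa=False, enabled=False, days_ago=400)]
)

if __name__ == "__main__":
    for check, result in audit_identities(SAMPLE, NOW).items():
        print(f"{check}: {result}")
```
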

We will discuss some areas of identity protection in more detail in Chapter 6, Managing Authentication Protocols, and Chapter 13, Identifying and Detecting Sensitive Data. We will also offer a deep-dive into the Cloud App Security service, which provides you with capabilities to protect against the following:

  • Malicious insiders: Protection against disgruntled employees
  • Malware: Detection of malware in cloud storage as soon as it is uploaded
  • Rogue applications: Identification of rogue applications that can access your sensitive data
  • Compromised accounts: Combating advanced attackers that leverage compromised user credentials
  • Data exfiltration: Detection of unusual flows of data either within or outside of your organization
  • Ransomware: Identification of ransomware using sophisticated behavioral analytics technology

Now that we have looked at Azure AD Identity Protection, it's time to move on to the Azure AD PIM service.
