Introduction
Azure Active Directory Identity Protection includes three default policies that administrators can enable.
These policies offer limited customization but are applicable to most organizations. The three policies are:
- Sign-in risk policy
- User risk policy
- MFA registration policy
All of the policies allow you to exclude users, such as your emergency-access or break-glass administrator accounts.
Azure AD MFA registration policy
Identity Protection can help organizations roll out Azure AD Multi-Factor Authentication (MFA) using a Conditional Access policy that requires registration at sign-in (Conditional Access policies were covered in full in the previous article; refer back to it for details).
Enabling this policy is a great way to ensure new users in your organization have registered for MFA on their first day.
Multi-factor authentication is one of the self-remediation methods for risk events within Identity Protection.
Self-remediation allows your users to take action on their own to reduce helpdesk call volume.
To configure the MFA registration policy, follow the guide below (the steps are marked in red).
Sign-in risk policy
Identity Protection analyzes signals from each sign-in, both in real time and offline, then calculates a risk score based on the probability that the sign-in was not performed by the user.
Administrator options
- Administrators can make a decision based on this risk score signal to enforce organizational requirements.
- Administrators can choose to block access, allow access, or allow access but require multi-factor authentication.
If risk is detected:
- Users can perform multi-factor authentication to self-remediate and close the risky sign-in event, preventing unnecessary noise for administrators.
To configure the sign-in risk policy, follow the guide below (the steps are marked in red).
User risk policy
Identity Protection calculates what it believes is normal behavior for a user and uses that as the basis for risk decisions about that user.
User risk is a calculation of the probability that an identity has been compromised.
Administrator options
- Administrators can make a decision based on this risk score signal to enforce organizational requirements.
- Administrators can choose to block access, allow access, or allow access but require a password change using Azure AD self-service password reset.
If risk is detected:
- Users can perform self-service password reset to self-remediate and close the user risk event, preventing unnecessary noise for administrators.
To configure the user risk policy, follow the guide below (the steps are marked in red).
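The administrator options above (block, or allow with MFA, for sign-in risk; block, or allow with a password change, for user risk) together with the break-glass exclusion from the introduction map directly onto a Conditional Access policy body. The following is an added example, not code from the original article or from Microsoft: it builds those bodies for the Microsoft Graph v1.0 Conditional Access endpoint, checks them for the mistakes that matter most (break-glass accounts missing from the exclusion list, an unsupported risk level, a password-change control without MFA) before anything is submitted, and can post them with a caller-supplied token. The object IDs are constructed placeholders; the request shape and the rule that passwordChange must be paired with mfa under the AND operator are taken from the public Graph conditionalAccessPolicy resource and are stated here as assumptions.

```python
"""Build, validate and optionally submit the sign-in risk and user risk
Conditional Access policies. Added example, not from the original article or
from Microsoft; object IDs are constructed placeholders and the request shape
is assumed from the Graph v1.0 conditionalAccessPolicy resource."""
import json
import urllib.request

GRAPH_POLICIES_URL = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"
VALID_RISK_LEVELS = {"low", "medium", "high"}

# Constructed placeholder object IDs standing in for the emergency-access accounts.
BREAK_GLASS_ACCOUNTS = [
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
]


def _base_policy(display_name, excluded_users, state="enabledForReportingButNotEnforced"):
    """Skeleton shared by both policies: all users and all cloud apps in scope,
    break-glass accounts excluded, created in report-only mode so the effect can
    be reviewed in the sign-in logs before it is enforced."""
    return {
        "displayName": display_name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(excluded_users)},
            "applications": {"includeApplications": ["All"]},
        },
    }


def sign_in_risk_policy(levels, action="mfa", excluded_users=BREAK_GLASS_ACCOUNTS):
    """Sign-in risk policy: at the chosen risk levels either block, or allow but
    require MFA (MFA lets the user self-remediate and closes the risky sign-in)."""
    if action not in ("mfa", "block"):
        raise ValueError("sign-in risk action must be 'mfa' or 'block'")
    policy = _base_policy("Identity Protection - sign-in risk", excluded_users)
    policy["conditions"]["signInRiskLevels"] = sorted(levels)
    policy["grantControls"] = {"operator": "OR", "builtInControls": [action]}
    return policy


def user_risk_policy(levels, action="passwordChange", excluded_users=BREAK_GLASS_ACCOUNTS):
    """User risk policy: at the chosen risk levels either block, or allow but
    require a password change (self-service password reset closes the user risk)."""
    if action not in ("passwordChange", "block"):
        raise ValueError("user risk action must be 'passwordChange' or 'block'")
    policy = _base_policy("Identity Protection - user risk", excluded_users)
    policy["conditions"]["userRiskLevels"] = sorted(levels)
    if action == "passwordChange":
        # The API accepts passwordChange only together with mfa under AND: the user
        # proves possession of a second factor before choosing a new password.
        policy["grantControls"] = {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}
    else:
        policy["grantControls"] = {"operator": "OR", "builtInControls": ["block"]}
    return policy


def validate(policy, break_glass=BREAK_GLASS_ACCOUNTS):
    """Return a list of findings; an empty list means the policy is safe to submit."""
    findings = []
    cond = policy["conditions"]
    excluded = set(cond["users"].get("excludeUsers", []))
    missing = [u for u in break_glass if u not in excluded]
    if missing:
        findings.append(f"break-glass accounts not excluded: {missing}")
    for key in ("signInRiskLevels", "userRiskLevels"):
        unsupported = set(cond.get(key, [])) - VALID_RISK_LEVELS
        if unsupported:
            findings.append(f"{key} contains unsupported levels: {sorted(unsupported)}")
    if not cond.get("signInRiskLevels") and not cond.get("userRiskLevels"):
        findings.append("no risk condition: the policy would apply to every sign-in")
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls", []))
    if "passwordChange" in controls and ("mfa" not in controls or grant.get("operator") != "AND"):
        findings.append("passwordChange must be combined with mfa using operator AND")
    if "block" in controls and len(controls) > 1:
        findings.append("block cannot be combined with other grant controls")
    return findings


def submit_policy(policy, access_token):
    """POST the policy to Graph (token needs Policy.ReadWrite.ConditionalAccess).
    Refuses to send anything that fails validate()."""
    problems = validate(policy)
    if problems:
        raise ValueError("refusing to submit: " + "; ".join(problems))
    request = urllib.request.Request(
        GRAPH_POLICIES_URL,
        data=json.dumps(policy).encode("utf-8"),
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(request) as response:
        return json.load(response)


if __name__ == "__main__":
    for p in (sign_in_risk_policy({"medium", "high"}), user_risk_policy({"high"})):
        print(json.dumps(p, indent=2), "findings:", validate(p))
```

Both policies are created in report-only state so their impact shows up in the sign-in logs first; switching `state` to `enabled` is the enforcement step. The risk detections Identity Protection raises are what feed the `signInRiskLevels` and `userRiskLevels` conditions, so the self-remediation described above (MFA for a risky sign-in, password reset for a risky user) is exactly what these grant controls demand.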
Conclusion
Azure Active Directory Identity Protection includes three default policies that administrators can choose to enable.
These policies include limited customization but are applicable to most organizations.