What is Azure Identity Protection, and what benefits does it provide? | Microbyte

What is Azure Identity Protection, and what benefits does it provide?

Azure Identity Protection

Many years ago, logging into a company’s network was a simple matter. If you could remember your username and password combination, you were golden. However, as intrusion attempts became smarter, it became necessary to offer more sophisticated protection systems.

While there are various Active Directory solutions, Identity Protection is an additional implementation by Microsoft specifically aimed at improved login verification, particularly for risky users. This goes far beyond a simple user/password verification to better protect businesses from enhanced risks.   

Identity Protection in a Nutshell

Getting to the bottom of who is attempting to log in, assessing the risk to the network, protecting the network, and reporting risky users to IT admins is part of the Azure Identity Protection package.

Multi-factor Authentication

Multi-factor authentication aka (MFA) has become more familiar to users now. It provides a second method to confirm identity during a sign-in. The use of MFA technology has been shown to prevent successful malicious attacks over 99.9% of the time.

The Azure multi-factor authentication implementation allows IT admins to ensure everyone on their network uses it. This is achieved with Azure Identity Protection using a secondary form of ID, such as a face ID check, a fingerprint on a desktop fingerprint reader or a smartphone, the use of safer devices, or through other methods.

Even determined attackers cannot easily gain access to an employee’s fingerprint, or their smartphone to access the network. This is why MFA has proven so successful, taking companies from a single factor (user/password combo) to a multi-factor security configuration.

Risk Policy for All Sign-ins

For every sign-in activity, Azure Identity Protection makes a fresh determination of whether a user’s identity has been compromised or not.

Risks are determined initially based on how they’re set up by the IT admins.

For example, logging into the corporate network from a company laptop, on one of the network’s IP addresses inside the head office, will be deemed as less risky. This is because risk assessments include the device being used to log in, the location (based on the IP address), amongst other factors.

A risk score is determined, with the potential for some login attempts to be deemed ‘risky’ for the network. Policies established by the IT admins trigger an automatic response depending on the riskiness of the login attempt, including alerting the admins, preventing access, creating a report, etc. This reduces the number of times that IT admins must get directly involved.

Risk Policy for All Users

A compromise of the user’s identity is assessed too. This takes into account third parties who may attempt to impersonate a user to gain access to the network.

Known past user behaviour is compared to the current user to determine how far they are deviating from established, or typical, patterns. Administrators may be notified. They decide what actions to take, including allowing access, blocking access, conditional access, or taking other steps, such as a password reset.

Methods Used to Bolster Corporate Security Using Azure Identity Protection

It’s useful to gain some appreciation of the layered approach that Azure Identity Protection adopts to prevent unauthorised access.  

Here are a few of the different security methods in place:

Leaked credentials – Security signals may indicate that login information has fallen into a third party’s hands.

Password spray – A type of brute-force login attempt using predictable password guesses concurrently across multiple company user accounts.

Malware IP link – IP addresses pre-flagged to block access when connected to known malware distribution networks.

Anonymous Logins – Use of a VPN, TOR browser, or another method to hide the true location of the login is noted under risky sign-ins.

Atypical travel – Identifying user sign-ins where the location is out of the norm.

New sign-in properties – Unfamiliar sign-in properties found, suggesting something worth reviewing.

Azure Active Directory Threat Intelligence – Patterns of attack reminiscent of previous ones known to the Microsoft Azure Threat Intelligence team are identified, raising a flag.

Benefits of Using Azure Identity Protection

For busy IT departments, there are many benefits to using Azure Identity Protection. Here are just a few:

Manage Risk Better

Through the Microsoft Azure Security dashboard, IT admins benefit from established risk detection policies. They see security events and assess the riskiest users through real-time reports.

Risky users are listed, with a 3-tiered rating of high, medium, or low. The reports allow admins to dig deeper into why specific user access is considered a higher risk.

Machine Learning

Going beyond MFA, Azure Identity Protection utilises machine learning to continually improve its ability to identify new risks.

Given that cyberattacks are commonplace now, and ever-evolving, the use of machine learning increases the protection of corporate networks.

Using Triggers Effectively

Improvements to login security under Microsoft now reduce the direct involvement of IT admins. Instead, triggers bring higher risk, potential security infractions to their attention while automating responses on lower risk issues.

IT administrators can review potential threats, revise the user policy, reset a password, approve a sign-in, or take other remedial actions in response.

Users also can choose a self-service password reset option or utilise MFA to re-confirm their identity to resolve their login attempt being flagged. For password snafus, temporary ones are issued and subsequently replaced with new ones.

Reduce the Risks of Remote Worker Access

The rise of remote workers has created some complications for IT departments. Suddenly, some employees were logging in from company laptops at a new residential location.

Additional risks with remote worker logins include questionable wireless access, risky shared Wi-Fi networks (i.e., potential “Man in the Middle” attacks), use of unsecured laptops or other devices, plus many others.

By using Azure Identity Protection, companies can enjoy safer remote working by authenticating users via a multi-faceted, robust methodology.

 

Understanding Security Risks Better

Many of the security risks that a business is exposed to are directly connected to its employees.

Poor password memorisation (including writing it down, or infrequent password changes) regularly leads to unintended security infringements.

Other times, access is sought opportunistically, like an unattended terminal, an unlocked smartphone left on the desk, etc.

When companies adopt broad, enhanced security enforced under Azure Identity Protection, the layered approach provides a rigorous defence of company networks. The automated features coupled with appropriate IT admin oversight, free up IT staff to focus on higher-priority activities.

Get in touch with Microbyte today to discuss how we can enhance your network security for in-house and remote workers alike.

Similar blogs

Moving from Internal to Outsourced IT Support

Moving from Internal to Outsourced IT Support

Having reliable IT support is one of the most crucial parts of any modern business. Whether it’s tackling minor software glitches, protecting against cyber threats, offering a seamless experience to customers, or simply ensuring a smooth workflow for employees, an effective IT support system is the backbone of any business. But the game is changing….

Read More

Avatar photo

The Business Benefits of Cyber Essentials Certification

The Business Benefits of Cyber Essentials Certification

As IT continues to dominate and dictate international business, fortifying digital defences is paramount. Protecting your business from the devastating consequences of a cyber security breach should be a number one priority for every business.  The good news is that obtaining a Cyber Essentials certification is a simple and easy step to help protect against…

Read More

Avatar photo

Improve Your IT Helpdesk With SOPs

Improve Your IT Helpdesk With SOPs

As technology continues to drive businesses around the world, the role of IT helpdesks has evolved into a pivotal force, serving as the central point for user support and technical issue resolution. With organisations increasingly reliant on intricate digital infrastructures, the efficiency of IT helpdesks becomes paramount in ensuring seamless operations. Enter Standard Operating Procedures…

Read More

Avatar photo

A guide to switching IT Support Provider

A guide to switching IT Support Provider

The relationship between a business and its IT support company is a close one. With IT at the centre of almost every business, responsible for daily operations, goals, plans, feedback, data storage and communication, the right IT partner can be the driving force behind a company’s success. But as your business evolves, it’s essential to…

Read More

Avatar photo

Why should you outsource your IT Support

Why should you outsource your IT Support

When it comes to IT and technology, almost all businesses around the world rely on digital systems every single day. From cloud computing and cyber security to artificial intelligence and data analytics, the range of tools and different technologies available to businesses are constantly evolving. Maintaining, managing and updating information technology (IT) is a vital…

Read More

Avatar photo

Apple Mac IT Support Services A Comprehensive Guide

Apple Mac IT Support Services: A Comprehensive Guide

Within the IT industry, one of the most divisive questions is Apple or Microsoft Windows. When it comes to IT support, there is often a lack of expertise surrounding Apple products. Very few third-party providers are willing to work with companies that use Apple products as it can be challenging. However, Apple products have become…

Read More

Avatar photo