Many years ago, logging into a company’s network was a simple matter. If you could remember your username and password combination, you were golden. However, as intrusion attempts became smarter, it became necessary to offer more sophisticated protection systems.
While there are various Active Directory solutions, Identity Protection is an additional implementation by Microsoft specifically aimed at improved login verification, particularly for risky users. This goes far beyond a simple user/password verification to better protect businesses from enhanced risks.
Identity Protection in a Nutshell
Getting to the bottom of who is attempting to log in, assessing the risk to the network, protecting the network, and reporting risky users to IT admins is part of the Azure Identity Protection package.
Multi-factor Authentication
Multi-factor authentication (MFA) has become more familiar to users now. It provides a second method to confirm identity during a sign-in. The use of MFA technology has been shown to prevent successful malicious attacks over 99.9% of the time.
The Azure multi-factor authentication implementation allows IT admins to ensure everyone on their network uses it. This is achieved with Azure Identity Protection using a secondary form of ID, such as a face ID check, a fingerprint on a desktop fingerprint reader or a smartphone, the use of safer devices, or through other methods.
Even determined attackers cannot easily obtain an employee’s fingerprint or their smartphone in order to access the network. This is why MFA has proven so successful, taking companies from a single factor (user/password combo) to a multi-factor security configuration.
Risk Policy for All Sign-ins
For every sign-in activity, Azure Identity Protection makes a fresh determination of whether a user’s identity has been compromised or not.
Risks are determined initially based on how they’re set up by the IT admins.
For example, logging into the corporate network from a company laptop, on one of the network’s IP addresses inside the head office, will be deemed less risky. This is because risk assessments include the device being used to log in and the location (based on the IP address), amongst other factors.
A risk score is determined, with the potential for some login attempts to be deemed ‘risky’ for the network. Policies established by the IT admins trigger an automatic response depending on the riskiness of the login attempt, including alerting the admins, preventing access, creating a report, etc. This reduces the number of times that IT admins must get directly involved.
Risk Policy for All Users
A compromise of the user’s identity is assessed too. This takes into account third parties who may attempt to impersonate a user to gain access to the network.
Known past user behaviour is compared to the current user’s behaviour to determine how far it deviates from established, or typical, patterns. Administrators may be notified. They decide what actions to take, including allowing access, blocking access, conditional access, or taking other steps, such as a password reset.
Methods Used to Bolster Corporate Security Using Azure Identity Protection
It’s useful to gain some appreciation of the layered approach that Azure Identity Protection adopts to prevent unauthorised access.
Here are a few of the different security methods in place:
Leaked credentials – Security signals may indicate that login information has fallen into a third party’s hands.
Password spray – A type of brute-force login attempt using predictable password guesses concurrently across multiple company user accounts.
Malware IP link – IP addresses pre-flagged to block access when connected to known malware distribution networks.
Anonymous logins – Use of a VPN, Tor browser, or another method to hide the true location of the login is noted under risky sign-ins.
Atypical travel – Identifying user sign-ins where the location is out of the norm.
New sign-in properties – Unfamiliar sign-in properties found, suggesting something worth reviewing.
Azure Active Directory Threat Intelligence – Patterns of attack reminiscent of previous ones known to the Microsoft Azure Threat Intelligence team are identified, raising a flag.
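As an added illustration of the password spray signal in the list above (example code written for this page, not taken from the original article and not Microsoft's detection logic), the sketch below flags a source address whose failed sign-ins touch many accounts with only a few tries each. The record layout, thresholds and sample data are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 15, 9, 0, 0)

# Constructed sample records: (time, source IP, account, succeeded).
# Addresses come from the RFC 5737 documentation ranges.
SIGN_INS = (
    # Spray pattern: one failure against each of six accounts.
    [(BASE + timedelta(seconds=30 * i), "203.0.113.7", f"user{i}@example.com", False)
     for i in range(6)]
    # Single-account guessing: eight failures against one account.
    + [(BASE + timedelta(seconds=10 * i), "198.51.100.9", "alice@example.com", False)
       for i in range(8)]
    # Ordinary typo: two failures, then a success.
    + [(BASE + timedelta(seconds=20 * i), "192.0.2.44", "bob@example.com", i == 2)
       for i in range(3)]
)


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Return {source IP: sorted accounts} for sources that fail against many
    accounts, a few times each, inside one sliding time window."""
    failures = defaultdict(list)
    for when, ip, account, ok in events:
        if not ok:
            failures[ip].append((when, account))

    flagged = defaultdict(set)
    for ip, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Shrink the window until it spans at most `window` of time.
            while items[end][0] - items[start][0] > window:
                start += 1
            per_account = defaultdict(int)
            for _, account in items[start:end + 1]:
                per_account[account] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                flagged[ip].update(per_account)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in detect_password_spray(SIGN_INS).items():
        print(f"possible password spray from {ip}: {len(accounts)} accounts")
```

Only the first source is flagged: repeated failures against a single account and an ordinary mistyped password do not match the many-accounts, few-tries shape that distinguishes a spray.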
Benefits of Using Azure Identity Protection
For busy IT departments, there are many benefits to using Azure Identity Protection. Here are just a few:
Manage Risk Better
Through the Microsoft Azure Security dashboard, IT admins benefit from established risk detection policies. They see security events and assess the riskiest users through real-time reports.
Risky users are listed, with a 3-tiered rating of high, medium, or low. The reports allow admins to dig deeper into why specific user access is considered a higher risk.
Machine Learning
Going beyond MFA, Azure Identity Protection utilises machine learning to continually improve its ability to identify new risks.
Given that cyberattacks are commonplace now, and ever-evolving, the use of machine learning increases the protection of corporate networks.
Using Triggers Effectively
Improvements to login security under Microsoft now reduce the direct involvement of IT admins. Instead, triggers bring higher-risk potential security infractions to their attention while automating responses to lower-risk issues.
IT administrators can review potential threats, revise the user policy, reset a password, approve a sign-in, or take other remedial actions in response.
Users can also choose a self-service password reset option or utilise MFA to re-confirm their identity to resolve their login attempt being flagged. For password snafus, temporary passwords are issued and subsequently replaced with new ones.
Reduce the Risks of Remote Worker Access
The rise of remote workers has created some complications for IT departments. Suddenly, some employees were logging in from company laptops at a new residential location.
Additional risks with remote worker logins include questionable wireless access, risky shared Wi-Fi networks (i.e., potential “Man in the Middle” attacks), use of unsecured laptops or other devices, plus many others.
By using Azure Identity Protection, companies can enjoy safer remote working by authenticating users via a multi-faceted, robust methodology.
Understanding Security Risks Better
Many of the security risks that a business is exposed to are directly connected to its employees.
Poor password memorisation (including writing it down, or infrequent password changes) regularly leads to unintended security infringements.
Other times, access is sought opportunistically, like an unattended terminal, an unlocked smartphone left on the desk, etc.
When companies adopt broad, enhanced security enforced under Azure Identity Protection, the layered approach provides a rigorous defence of company networks. The automated features, coupled with appropriate IT admin oversight, free up IT staff to focus on higher-priority activities.
Get in touch with Microbyte today to discuss how we can enhance your network security for in-house and remote workers alike.