What is Azure Identity Protection, and what benefits does it provide? | Microbyte

What is Azure Identity Protection, and what benefits does it provide?

Azure Identity Protection

Many years ago, logging into a company’s network was a simple matter. If you could remember your username and password combination, you were golden. However, as intrusion attempts became smarter, it became necessary to offer more sophisticated protection systems.

While there are various Active Directory solutions, Identity Protection is an additional implementation by Microsoft specifically aimed at improved login verification, particularly for risky users. This goes far beyond a simple user/password verification to better protect businesses from enhanced risks.   

Identity Protection in a Nutshell

Getting to the bottom of who is attempting to log in, assessing the risk to the network, protecting the network, and reporting risky users to IT admins is part of the Azure Identity Protection package.

Multi-factor Authentication

Multi-factor authentication aka (MFA) has become more familiar to users now. It provides a second method to confirm identity during a sign-in. The use of MFA technology has been shown to prevent successful malicious attacks over 99.9% of the time.

The Azure multi-factor authentication implementation allows IT admins to ensure everyone on their network uses it. This is achieved with Azure Identity Protection using a secondary form of ID, such as a face ID check, a fingerprint on a desktop fingerprint reader or a smartphone, the use of safer devices, or through other methods.

Even determined attackers cannot easily gain access to an employee’s fingerprint, or their smartphone to access the network. This is why MFA has proven so successful, taking companies from a single factor (user/password combo) to a multi-factor security configuration.

Risk Policy for All Sign-ins

For every sign-in activity, Azure Identity Protection makes a fresh determination of whether a user’s identity has been compromised or not.

Risks are determined initially based on how they’re set up by the IT admins.

For example, logging into the corporate network from a company laptop, on one of the network’s IP addresses inside the head office, will be deemed as less risky. This is because risk assessments include the device being used to log in, the location (based on the IP address), amongst other factors.

A risk score is determined, with the potential for some login attempts to be deemed ‘risky’ for the network. Policies established by the IT admins trigger an automatic response depending on the riskiness of the login attempt, including alerting the admins, preventing access, creating a report, etc. This reduces the number of times that IT admins must get directly involved.

Risk Policy for All Users

A compromise of the user’s identity is assessed too. This takes into account third parties who may attempt to impersonate a user to gain access to the network.

Known past user behaviour is compared to the current user to determine how far they are deviating from established, or typical, patterns. Administrators may be notified. They decide what actions to take, including allowing access, blocking access, conditional access, or taking other steps, such as a password reset.

Methods Used to Bolster Corporate Security Using Azure Identity Protection

It’s useful to gain some appreciation of the layered approach that Azure Identity Protection adopts to prevent unauthorised access.  

Here are a few of the different security methods in place:

Leaked credentials – Security signals may indicate that login information has fallen into a third party’s hands.

Password spray – A type of brute-force login attempt using predictable password guesses concurrently across multiple company user accounts.

Malware IP link – IP addresses pre-flagged to block access when connected to known malware distribution networks.

Anonymous Logins – Use of a VPN, TOR browser, or another method to hide the true location of the login is noted under risky sign-ins.

Atypical travel – Identifying user sign-ins where the location is out of the norm.

New sign-in properties – Unfamiliar sign-in properties found, suggesting something worth reviewing.

Azure Active Directory Threat Intelligence – Patterns of attack reminiscent of previous ones known to the Microsoft Azure Threat Intelligence team are identified, raising a flag.

Benefits of Using Azure Identity Protection

For busy IT departments, there are many benefits to using Azure Identity Protection. Here are just a few:

Manage Risk Better

Through the Microsoft Azure Security dashboard, IT admins benefit from established risk detection policies. They see security events and assess the riskiest users through real-time reports.

Risky users are listed, with a 3-tiered rating of high, medium, or low. The reports allow admins to dig deeper into why specific user access is considered a higher risk.

Machine Learning

Going beyond MFA, Azure Identity Protection utilises machine learning to continually improve its ability to identify new risks.

Given that cyberattacks are commonplace now, and ever-evolving, the use of machine learning increases the protection of corporate networks.

Using Triggers Effectively

Improvements to login security under Microsoft now reduce the direct involvement of IT admins. Instead, triggers bring higher risk, potential security infractions to their attention while automating responses on lower risk issues.

IT administrators can review potential threats, revise the user policy, reset a password, approve a sign-in, or take other remedial actions in response.

Users also can choose a self-service password reset option or utilise MFA to re-confirm their identity to resolve their login attempt being flagged. For password snafus, temporary ones are issued and subsequently replaced with new ones.

Reduce the Risks of Remote Worker Access

The rise of remote workers has created some complications for IT departments. Suddenly, some employees were logging in from company laptops at a new residential location.

Additional risks with remote worker logins include questionable wireless access, risky shared Wi-Fi networks (i.e., potential “Man in the Middle” attacks), use of unsecured laptops or other devices, plus many others.

By using Azure Identity Protection, companies can enjoy safer remote working by authenticating users via a multi-faceted, robust methodology.


Understanding Security Risks Better

Many of the security risks that a business is exposed to are directly connected to its employees.

Poor password memorisation (including writing it down, or infrequent password changes) regularly leads to unintended security infringements.

Other times, access is sought opportunistically, like an unattended terminal, an unlocked smartphone left on the desk, etc.

When companies adopt broad, enhanced security enforced under Azure Identity Protection, the layered approach provides a rigorous defence of company networks. The automated features coupled with appropriate IT admin oversight, free up IT staff to focus on higher-priority activities.

Get in touch with Microbyte today to discuss how we can enhance your network security for in-house and remote workers alike.

Similar blogs

what are managed services

IT Disaster Recovery in London

In our digitally-connected world, reliance on IT systems has become paramount for every facet of modern business operations. However, the escalating dependence on IT infrastructure means the stakes are higher, and there is an increased risk of cyberattacks, hardware failures, natural disasters, and human error, all of which could lead to substantial downtime, data loss,…

Read More

Avatar photo

future of IT

IT Consultancy London

Based in the heart of London with over 20 years of experience providing world-class IT support, Microbyte understands that modern businesses have increasingly high technical requirements. Companies require strategic insights, cutting-edge solutions, and a competitive edge to thrive. Our IT consultancy services are designed to empower your business with the expertise it needs to navigate…

Read More

Avatar photo

cyber essentials checklist

Cyber Security Consultants London

In a time when technological advancements and an increasingly connected world are defining how we live, the importance of cybersecurity has become a paramount concern. With businesses, governments, and individuals alike continuing to rely on digital platforms for communication, commerce, and data storage, it is imperative to safeguard sensitive information, preserve digital integrity, and combat…

Read More

Avatar photo

IT support case study

IT Relocation in London

When it comes to IT relocation, the transfer of technological infrastructure from one physical location to another, working with a team you trust is crucial.  A well-executed IT relocation has the power to safeguard operational continuity while enabling growth and allowing for adaptability in an ever-evolving digital landscape. At Microbyte, we offer full-service relocation solutions…

Read More

Avatar photo

Microsoft Aligns pricing with USD

What is Microsoft Defender for Business

Microsoft Defender for Business is designed with numerous security features to keep corporate users safe from cyber threats. Intended to be used by companies with fewer than 300 employees, the software tool offers broad capabilities to protect the corporate network and the company from bad actors. Brief Overview of Microsoft Defender for Business Defender for…

Read More

Avatar photo

why feedback is important

Why Feedback is a Powerful Tool

Have you ever received an email from a business asking for feedback? We bet you have. Did you give feedback? Did you ignore the email? Did you give 5 stars just so that you can say you gave feedback? You aren’t alone. The average response rate to email-requested feedback rates sits at 26% for most…

Read More

Avatar photo