Azure AD P2 Flashcards
What is Identity Protection?
A tool derived from Microsoft’s learnings that allows organizations to accomplish three key tasks:
Automate the detection and remediation of identity-based risks.
Investigate risks using data in the portal.
Export risk detection data to your SIEM.
What is PIM?
Privileged Identity Management (PIM) allows you to provide just-in-time (JIT) privileged access to Azure AD roles and Azure resources.
How does PIM work?
Admins decide which users are eligible to request certain roles. When a request is made, an (optional) approval process is started, and if the request is approved, e-mails are sent to a list of people notifying them of the approval.
What are the 7 benefits of PIM?
Provide JIT privileged access to Azure AD and Azure resources.
Assign time-bound access to resources using start and end dates.
Require approval to activate privileged roles.
Enforce multi-factor authentication to activate any role.
Get notifications when privileged roles are activated.
Conduct access reviews to ensure users still need roles.
Download audit history for external or internal audit.
How does Identity Protection work?
By using signals to calculate sign-in risk and user risk.
What is sign-in risk?
The probability that the sign-in wasn’t performed by the user.
What is user risk?
The probability that the user identity has been compromised.
How are risks categorized?
Low
Medium
High
What are the two Sign-In Risk signals?
Atypical travel - Is the user in an unusual location based on their usual sign-ins?
Anonymous IP address - Did the user sign in from an anonymous VPN or the Tor browser?
What are the five User Risk signals?
Unfamiliar sign-in properties
Malware-linked IP address
Leaked credential
Azure AD threat intelligence
Password spray
What three reports does Azure AD Identity Protection provide for admins?
Risky Users
Risky sign-ins
Risk detections
What can trigger Conditional Access into doing certain actions?
Risk levels
Can risk signals trigger remediation efforts, and what are they?
Yes, they can. The efforts are:
Perform MFA
Reset password (if self-service password is enabled)
Block account