Implementing Azure AD Identity Protection Flashcards

1
Q

What is the purpose of Azure Identity Protection?

A

Azure Identity Protection is used to automatically detect identity-based risks and automate the remediation of those risks. It helps organizations identify and mitigate risks related to user identities.

2
Q

How can Azure Identity Protection assist in risk remediation?

A

When Azure Identity Protection detects a risk, it can automatically trigger remediation actions such as forcing a user to perform Multi-Factor Authentication, resetting their password using SSPR, or blocking the user until further investigation and action by an administrator.

3
Q

What are the three reports available in Azure Identity Protection for investigating detections?

A

The three reports are the Risky Users report, the Risky Sign-Ins report, and the Risk Detections report. These reports provide information about risky users, risky sign-ins, and overall risk detections.

4
Q

How does Azure Identity Protection categorize risks?

A

Azure Identity Protection categorizes risks into three tiers: low, medium, and high. The tier represents the confidence level in the assigned risk, with higher tiers indicating higher confidence and a greater need for attention and remediation.

5
Q

What permissions and licensing are required to access Azure Identity Protection?

A

To access Azure Identity Protection, users need to have the Security Reader, Security Operator, Security Administrator, Global Reader, or Global Administrator role. In terms of licensing, Azure AD Premium P2 is required for meaningful usage and functionality, although some reporting capabilities are available with Azure AD Premium P1.

6
Q

What are the three default identity protection policies available in Azure AD Identity Protection?

A

The three default identity protection policies are the MFA Registration Policy, the User Risk Remediation Policy, and the Sign-In Risk Remediation Policy.

7
Q

What is the purpose of the MFA Registration Policy?

A

The MFA Registration Policy forces users to register for Azure AD multi-factor authentication at sign-in, ensuring that all users register for MFA on their first day of employment.

8
Q

How does the User Risk Remediation Policy work?

A

The User Risk Remediation Policy allows you to define actions to be taken when Identity Protection determines that a user’s account may be compromised based on observed behavior. You can configure the policy to block access, allow access, or allow access with a required password change.

9
Q

What does the Sign-In Risk Remediation Policy allow administrators to do?

A

The Sign-In Risk Remediation Policy enables administrators to enforce organizational requirements based on the risk score calculated by Identity Protection for a specific sign-in. Administrators can choose to block access, allow access, or allow access with a requirement for multi-factor authentication.

10
Q

Can custom policies be created in Azure AD Identity Protection?

A

Yes, administrators can create custom Conditional Access policies that include sign-in risk as an assignment condition if the default policies do not meet their specific needs. However, the default policies are designed to fit most typical environments.
