Manage Identities and Access Flashcards
Azure Active Directory - Users with leadked credentials
What is the risk level and detection type?
Azure Active Directory - Users with leadked credentials
What is the risk level and detection type?
Risk Level: High
Detection Type: Offline
Categories: What is risk? Azure AD Identity Protection | Microsoft Docs
Investigate risk Azure Active Directory Identity Protection | Microsoft Docs
Azure Active Directory - sign-ins from anonymous IP addresses
What is the risk level and detection type?
Azure Active Directory - sign-ins from anonymous IP addresses
What is the risk level and detection type?
Risk Level: Medium
Detection Type: Real-time
Azure Active Directory - Impossible travel to atypical locations
What is the risk level and detection type?
Azure Active Directory - Impossible travel to atypical locations
What is the risk level and detection type?
Risk Level: Medium
Detection Type: Offline
Azure Active Directory - Sign-ins from infected devices
What is the risk level and detection type?
Azure Active Directory - Sign-ins from infected devices
What is the risk level and detection type?
Risk Level: Low
Detection Type: Offline
Azure Active Directory - Sign-ins from unfamiliar locations
What is the risk level and detection type?
Azure Active Directory - Sign-ins from unfamiliar locations
What is the risk level and detection type?
Risk Level: Medium
Detection Type: Real-time
Azure Active Directory - Sign-ins from IP addresses with suspicious activity
What is the risk level and detection type?
Azure Active Directory - Sign-ins from IP addresses with suspicious activity
What is the risk level and detection type?
Risk Level: Low
Detection Type: Real-time
Authentication Methods - Decision Tree
Password Hash Sync + Seamless SSO
Authentication Methods - Decision Tree
Password Hash Sync + Seamless SSO
- Scenario 1
- Azure AD to handle sign-ins
Authentication Methods - Decision Tree
Pass-through Auth + Seamless SSO
Authentication Methods - Decision Tree
Pass-through Auth + Seamless SSO
- Scenario 1
- Azure AD to handle sign-ins
- Enforcing Azure Directory security policies
- Scenario 2
- Sign-ins handled on-premise (not in the cloud)
Authentication Methods - Decision Tree
Pass-through Auth + Seamless SSO with Password Hash Sync
Authentication Methods - Decision Tree
Pass-through Auth + Seamless SSO with Password Hash Sync
- Scenario 1
- Azure AD to handle sign-ins
- Enforcing Azure Directory security policies
- Disaster recovery needed or credential reports needed
- Scenario 2
- Sign-ins handled on-premise (not in the cloud)
- Disaster recovery needed or credential reports needed
Authentication Methods - Decision Tree
Federation
Authentication Methods - Decision Tree
Federation
- Scenario 1
- Azure AD to handle sign-ins
- Sign-in requirement no supported by Azure
- Scenario 2
- Azure AD to handle sign-ins
- Enforcing Azure Directory security policies
- Sign-in requirement no supported by Azure
- Scenario 3
- Sign-ins handled on-premise (not in the cloud)
- Integration with Federation provider
Note: If disaster recovery or credential reports is needed, then Federation with Password Hash Sync is required.
Authentication Methods - Decision Tree
Federation with Password Hash Sync
Authentication Methods - Decision Tree
Federation with Password Hash Sync
- Scenario 1
- Azure AD to handle sign-ins
- Sign-in requirement no supported by Azure
- Disaster recovery needed or credential reports needed
- Scenario 2
- Azure AD to handle sign-ins
- Enforcing Azure Directory security policies
- Sign-in requirement no supported by Azure
- Disaster recovery needed or credential reports needed
- Scenario 3
- Sign-ins handled on-premise (not in the cloud)
- Integration with Federation provider
- Disaster recovery needed or credential reports needed
