In a week's time, Microsoft will begin rolling out some exciting new changes to Azure. Starting September 15th, Azure AD Identity Protection, Privileged Identity Management and Premium P2 will all be made generally available.
In a recent blog post, Senior Program Manager Alex Simons outlined what these features will bring to customers. He also enlisted the help of Alex Weinert, Program Manager of Identity Security and Protection, and Joseph Dadzie, head of Governance and Administration.
Azure Active Directory Identity Protection
For those unfamiliar, Azure AD Identity Protection is a cloud security service. It uses machine learning over contextual sign-in data to detect and block attacks on organizations' accounts. Though the service is already available to some customers in Europe and North America, this will mark its general release.
Identity Protection will be available as part of the new Azure Active Directory Premium P2 offering, alongside Azure AD Privileged Identity Management. According to Weinert, Microsoft combs the following sources for signs of an attack:
- User behavior data from 14 billion authentication events each day
- Attacker behavior data from millions of attacks each day
- Threat data from applications, industry partners, researchers and law enforcement
- Botnet data from Microsoft's Digital Crimes Unit
- Malware information from the Windows Defender team
This amounts to over 10 TB of data every single day, which is what lets the service detect and block threats at scale. Administrators can then review the resulting "Risk Events" in the Identity Protection panel.
This allows organizations to spot patterns, such as which user accounts are most at risk, and to set up risk-based Conditional Access policies that block attacks as they happen. It also lets you sort users by risk level and drill into the details of each detected threat.
Azure Active Directory Privileged Identity Management
The other component of the Premium P2 plan is Privileged Identity Management. Traditionally, IT admins have needed permanent, standing access to high-value information and services in order to do their jobs.
The problem is that even if you trust that person completely, a compromise of their account by an outside party can have catastrophic consequences for the organization, and such compromises often go undetected for long periods, which makes the damage worse.
Dadzie says Privileged Identity Management lets businesses reduce these risks by helping them to:
- “Discover who the most privileged users in their tenants are, across Azure Active Directory, Office 365, Intune and other services, with a dashboard, APIs and notifications of new role assignments
- Reduce the exposure of these privileged users to the risk of attack, converting them from permanent role assignment to being eligible for “Just in time” role activation
- Enable Just-In-Time (JIT) privileged role assignment, for eligible privileged users to request permissions, with policies to require Multi-Factor Authentication (MFA) or trouble ticket numbers, send notifications, and limit the time the user is in the role.
- Retrieve alerts and audit reports for tracking and monitoring privileged users' assignments and activations
- Conduct access reviews of privileged user accounts by admins or designated reviewers to assure the admins continue to require access to privileged roles and access permissions.”
All of this adds up to a more secure Azure experience. Data from both services can also be pulled out through the Microsoft Graph API and explored in Power BI.
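The PIM workflow Dadzie lists above (discover standing admins, convert them to eligible, activate just in time with a ticket and a time limit, then audit the requests), as an added example written with the Microsoft Graph PowerShell SDK. This is not code from the article or from Microsoft's documentation, and Graph's PIM API postdates the release the article covers. The role name, the user account, the ticket number and the `contoso.example` domain are placeholders.

```powershell
# Added example, not code from the article or from Microsoft. Walks the PIM workflow
# above with the Microsoft.Graph PowerShell SDK, which postdates the release the
# article describes. Role name, UPN, ticket fields and 'contoso.example' are placeholders.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.Governance, Microsoft.Graph.Users

Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All'

$role  = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"
$scope = '/'   # tenant-wide directory scope

# 1. Discover: active assignments of the role. AssignmentType 'Assigned' with no
#    EndDateTime is a standing (permanent) assignment; 'Activated' is a JIT one.
$instances = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -All `
    -Filter "roleDefinitionId eq '$($role.Id)'" -ExpandProperty Principal
$standing = $instances | Where-Object { $_.AssignmentType -eq 'Assigned' -and -not $_.EndDateTime }
$standing | ForEach-Object {
    '{0}  standing since {1}' -f $_.Principal.AdditionalProperties['userPrincipalName'], $_.StartDateTime
}

# 2. Reduce exposure: convert one standing admin into an eligible one.
#    Grant eligibility first (no expiry), then remove the standing assignment, so the
#    admin is never left without a path back into the role.
$user = Get-MgUser -UserId 'alice@contoso.example'   # placeholder account
$eligibility = @{
    Action           = 'adminAssign'
    PrincipalId      = $user.Id
    RoleDefinitionId = $role.Id
    DirectoryScopeId = $scope
    Justification    = 'Replace standing Global Administrator assignment with PIM eligibility'
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = 'NoExpiration' }
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $eligibility | Out-Null

$removal = @{
    Action           = 'adminRemove'
    PrincipalId      = $user.Id
    RoleDefinitionId = $role.Id
    DirectoryScopeId = $scope
    Justification    = 'Standing assignment superseded by PIM eligibility'
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $removal | Out-Null

# 3. Just-in-time activation, run later by the eligible user. The MFA requirement is
#    enforced by the role's activation settings, not by this request; the request only
#    supplies the justification, ticket and duration that the policy demands.
$activation = @{
    Action           = 'selfActivate'
    PrincipalId      = $user.Id
    RoleDefinitionId = $role.Id
    DirectoryScopeId = $scope
    Justification    = 'Rotate break-glass credentials (change CHG0012345)'
    TicketInfo       = @{ TicketNumber = 'CHG0012345'; TicketSystem = 'ServiceNow' }   # placeholders
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = 'AfterDuration'; Duration = 'PT2H' }   # role drops off after two hours
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $activation

# 4. Audit: every assignment request against the role: who raised it, why, and its outcome.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -All `
    -Filter "roleDefinitionId eq '$($role.Id)'" |
    Select-Object CreatedDateTime, Action, PrincipalId, Status, Justification |
    Sort-Object CreatedDateTime -Descending
```

Step 1 is the check worth running before anything else: any account that shows up as `Assigned` with no end date is the standing privilege the article is talking about, and it should either be converted as in step 2 or justified as a documented break-glass account. Steps 2 and 3 are normally run by different people (an administrator and the eligible user), so in practice they sit in separate sessions.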