Azure AD Identity Protection

Preview

Microsoft Entra ID Protection (formerly known as Azure AD Identity Protection) is a cloud-based identity security solution that helps organizations detect, investigate, and remediate risks related to user accounts in Microsoft Entra ID (formerly Azure AD). This tool actively utilizes advanced machine learning algorithms and behavioral analytics to detect suspicious activities in real-time. Entra ID Protection analyzes hundreds of signals during each sign-in attempt and evaluates the risk associated with both the sign-in itself (e.g., sign-in from an anonymous IP address, unfamiliar location, brute force indicators) and the user as a whole (likelihood of account compromise). Based on these risk assessments, administrators can configure Conditional Access policies that automatically apply appropriate response measures. For instance, in case of a high sign-in risk level, the system can block access or require multi-factor authentication (MFA), while for a high user risk level, it might enforce a password reset. The platform provides detailed reports on risky sign-ins and users, enabling security teams to efficiently investigate incidents. Entra ID Protection is a key component of Microsoft's Zero Trust security strategy, helping to ensure that access is granted only to verified users from secure devices and trusted locations. The solution integrates with other Microsoft Security services, such as Microsoft Sentinel (SIEM), for centralized monitoring and threat response. Access to Entra ID Protection features is provided as part of Microsoft Entra ID P2 licenses.