More and more enhancements related to Identity Protection have been announced today! So let’s see all of them:
- Improved user interface that now includes security insights, ability to filter and create reports
- New APIs that allow you to route all this monitored data into your own ticketing systems
- Improved risk assessment, which gives you a better risk analysis
- Service-wide alignment around risky users and risky sign-ins, because we know that very often it's the user that causes the problem.
All these new features are available to customers with an Azure AD Premium P2 subscription.
New user interface
1. Security Overview
This new view provides user and sign-in risk trends, so that you get a better idea of possible attacks. Take a look at the tiles on the right side: they give you valuable information, telling you what to do:
Risky User Report
Really great tool, because it immediately gives you all the information you need about your users and lets you take corrective action. What I really liked is the Risk events not linked to a sign-in tab: it shows you detections not tied to a sign-in. For instance, the user may have reused their credentials at another site that was compromised.
And let’s see something new: The Risky sign-ins report gives you a single, integrated view to see basic sign-in info, risk, device, Multi-Factor Authentication (MFA), and policy information.
Smart feedback lets you protect your users by acting upon the risk assessment. If you conclude sign-ins were compromised, you can select these sign-ins and click Confirm compromised. Alternatively, you can click Confirm safe.
All the data you access through the new UX is available to you via the MS-Graph APIs. You can programmatically route Identity Protection data into your SIEM, storage, ticketing, or alerting system through the following APIs.
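As an added illustration (not code from the original post or from Microsoft), the sketch below turns one page of risk detections into per-user tickets for a ticketing or alerting system. It assumes the record shape of the Microsoft Graph `riskDetection` resource; the sample records are constructed and `build_tickets` is a hypothetical helper.

```python
import json

# Constructed sample, shaped like one page of a Microsoft Graph riskDetections
# collection. Field names and values are assumptions, not taken from the post.
SAMPLE_PAGE = json.loads("""
{"value": [
 {"id": "d1", "userPrincipalName": "alice@contoso.example", "riskLevel": "high",
  "riskState": "atRisk", "riskEventType": "leakedCredentials",
  "activity": "user", "detectionTimingType": "offline"},
 {"id": "d2", "userPrincipalName": "alice@contoso.example", "riskLevel": "medium",
  "riskState": "atRisk", "riskEventType": "unfamiliarFeatures",
  "activity": "signin", "detectionTimingType": "realtime"},
 {"id": "d3", "userPrincipalName": "bob@contoso.example", "riskLevel": "low",
  "riskState": "atRisk", "riskEventType": "anonymizedIPAddress",
  "activity": "signin", "detectionTimingType": "realtime"},
 {"id": "d4", "userPrincipalName": "carol@contoso.example", "riskLevel": "high",
  "riskState": "confirmedSafe", "riskEventType": "unfamiliarFeatures",
  "activity": "signin", "detectionTimingType": "realtime"}
]}
""")

RANK = {"low": 1, "medium": 2, "high": 3}
CLOSED = {"confirmedSafe", "dismissed", "remediated"}  # already triaged

def build_tickets(page, min_level="medium"):
    """Group open detections at or above min_level into one ticket per user."""
    tickets = {}
    for det in page.get("value", []):
        rank = RANK.get(det.get("riskLevel"), 0)  # unknown levels rank lowest
        if rank < RANK[min_level] or det.get("riskState") in CLOSED:
            continue
        t = tickets.setdefault(det["userPrincipalName"], {
            "user": det["userPrincipalName"], "level": "low",
            "sign_in": [], "not_linked_to_sign_in": []})
        if rank > RANK[t["level"]]:
            t["level"] = det["riskLevel"]
        # Detections with activity "user" are the ones not tied to a sign-in.
        key = "sign_in" if det.get("activity") == "signin" else "not_linked_to_sign_in"
        t[key].append((det["riskEventType"], det.get("detectionTimingType")))
    # Highest risk first, so the ticket queue starts with the worst user.
    return sorted(tickets.values(), key=lambda t: -RANK[t["level"]])

if __name__ == "__main__":
    for ticket in build_tickets(SAMPLE_PAGE):
        print(json.dumps(ticket))
```

In a real integration the page would come from an authenticated Graph request and the function would be called once per page of results.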
And let’s talk about the improved risk assessment feature, which practically has two options. The aggregate sign-in risk, which is new, considers all the malicious activity detected on a sign-in. It includes real-time detections (detections that trigger during the sign-in), non-real-time detections (detections that trigger minutes after the sign-in), detections made by partner security products, and other features of a sign-in.
The other option is the improved User-risk detection, using advanced machine-learning technology to automatically deal with risky users.
It seems that risky sign-ins and risky users are the most important part of Identity Protection, so it has been redesigned around these two entities.
Thanks for your time!