Microsoft’s enhancements to the Azure Active Directory Identity Protection service are now said to be “generally available” (GA), or ready for commercial use, per a Wednesday announcement.
Typically, Microsoft uses the GA term for its newly emerged commercial products and services. What’s confusing in this case is that Azure AD Identity Protection, offered with Azure AD Premium P2 licensing, actually reached the GA stage more than three years ago. The service is supposedly refreshed now because four enhancements announced at the preview stage back in January are now feature-complete.
It’s this refreshed Azure AD Identity Protection product that is now at the GA stage, although Microsoft also said it reached GA back on Nov. 4, too.
The point, apparently, is that the Azure AD Identity Protection service is really new this time around.
“This is a huge step forward across all of our UEBA [user and entity behavior analytics] capabilities with more and enhanced signals, massively improved APIs for integration with your SOC [security operations center] environments, [and] a new user interface that makes you more efficient!” said Alex Simons, corporate vice president of the Microsoft Identity Division, in the Nov. 13 announcement.
It seems to be a good summary of the so-called refreshed product.
Azure AD Identity Protection now has three APIs (Risky users API, Sign-ins API and Risk detections API) that were derived from the Microsoft Graph, which Microsoft has previously defined as a “cloud-backed data store” subject to artificial intelligence (AI) analysis. The APIs also can be used to share information with various security information and event management (SIEM) solutions in order to get alerts about risky sign-in behaviors.
The Azure AD Identity Protection service also now integrates with the Microsoft Cloud App Security service and the Azure Advanced Threat Protection service, permitting risk information to be shared, if organizations have the licensing.
The Azure AD Identity Protection service also now has three new detection types:
- Azure AD Threat Intelligence: Shows compromises detected by Microsoft’s security team.
- Malicious IP Address: Detects sign-ins associated with malicious IP addresses.
- Admin Confirmed User Compromised: Shows the risky users that were confirmed by IT administrators.
Other detection capabilities of the service that aren’t new are anonymous IP address sign-ins, sign-ins associated with “atypical travel” (or being in two locations at a similar time), sign-ins from malware-linked IP addresses and unfamiliar sign-ins.
Microsoft also claims to have improved the risk detection capabilities of the Azure AD Identity Protection service. It provides advanced reports on “risky users, risky sign-ins and risk detections,” the announcement explained.
The Azure AD Identity Protection is accessed using the Azure Portal, where the refreshed experience likely is already available for Azure AD Premium P2 subscribers.
Reference: https://redmondmag.com/articles/2019/11/13/azure-ad-id-protection-refresh.aspx
