How to deploy Identity Protection | Azure Active Directory

November 22, 2019 posted by

Welcome back, everyone. We hope you've already seen the product overview video of Azure AD Identity Protection. In this video we will cover how you can quickly deploy Identity Protection in your organization. Sarah, could you please help us understand how an organization can leverage Identity Protection to protect its users?

Absolutely. The first step is setting up your policies. The sign-in risk policy is an automated response you can configure for a specific sign-in risk level. In your response you can block access to resources or require passing a multi-factor authentication, or MFA, challenge to prove their identity in order to gain access. So let's dive into the policy. When you configure the sign-in risk policy, you need to set the users and groups that it applies to, the sign-in risk level that will trigger the policy, or the condition (here, we've selected medium or above), and the controls that you're going to put in place to deliver the type of experience you want when the specific sign-in risk level has been met. Here we have the option to block access, or allow access but require MFA. Then we need to enforce the policy. One important thing to note is that the require MFA setting will only work for users that have already registered for MFA. If you target this policy to a user that hasn't registered for MFA, their access will be blocked if they try to sign in and have a sign-in risk level at or above your threshold. And here's something interesting: IT admins can use sign-in risk as a condition in multiple conditional access policies outside of Identity Protection.

Thanks, Sarah. Defining the login experience based on the risk level of a sign-in is a very effective way to prevent compromises. Now can you show us how IT admins can change the login experience based on the user's previous risky logins?

Absolutely. We can do that with a user risk policy. The user risk policy is an automated response that remediates a user when they meet a specified risk level. When a user's at risk, it means that there's a high likelihood that their credentials have been compromised, which is why this policy allows you to block access to the resources or require the user to reset their password to return them to a safe state. To configure the user risk policy, you will need to set the users and groups that the policy applies to, the user risk level that will trigger this policy, and the type of access you want to be enforced when the specified user risk level has been met. Here your options are block access, or allow access but require a password change. Then we enforce the policy and you're done. The great thing about these policies is that they save your IT admins time by automating these responses and protections, and can give you peace of mind knowing that the power of Azure AD is behind protecting your sign-ins and users.

Great, these policies were pretty easy to set up. Do you have any other advice around these policies?

Yes, we recommend doing a staged rollout for these policies. Essentially, start small with a select group of users or groups to deploy these policies to, and then expand to your broader organization. Also, you should ensure users register for MFA and self-service password reset before you deploy the Identity Protection policies to make this process easier. We even have an MFA registration policy within Identity Protection that can assist with your rollout of MFA.

Thank you, Sarah. We hope this video helps you roll out Identity Protection in your organization. Join us in our next video, where we will share how IT admins can use Identity Protection on a daily basis.
