Yes, Identity means all users, groups and even services and applications.
Most security breaches take place when attackers gain access to an environment by stealing a user’s identity.
It is relatively easy for attackers to gain access to important company resources by first compromising the low privileged user accounts and then leveraging their permissions to super users.
Because of this, we need to:
- Protect all identities regardless of their privilege level, and
- Proactively prevent compromised identities from being abused.
So, there must be some identity protection alongside identity management.
We know that Azure has the following services for Identity Management:
- Single sign-on
- Role based access control (RBAC)
- Reverse Proxy
- Device registration
- Hybrid identity management/Azure AD connect
But what does it have for identity protection?
Azure Multi Factor Authentication
Most users do not like to change their password often, or use strong enough passwords. Multi Factor Authentication (MFA) is a method to force the use of more than one verification method when users sign in. This adds another layer of security. Therefore, even if the user’s password is compromised, hackers cannot access your data and applications.
Security Monitoring, alerts, and machine learning-based reports
Azure Active Directory (AAD) uses adaptive machine learning algorithms and heuristics to detect anomalies and suspicious incidents. As a result of this monitoring and security, you can draw reports that provide a comprehensive view of activity in your environment.
- Do you want to know who has signed-in to your cloud applications, when, to which application, and from where? Check AAD Sign-ins Report.
- Do you want to know who has done which activity and when? Check AAD Audit Logs Report.
- Do you want to know which identity is at risk? Check AAD Users Flagged for Risk Report.
- And, do you want to know the risk events, like users who signed in from anonymous IP address? Check AAD Risk Events Report.
Azure AD Identity Protection
Those monitoring and security reports are available in any version of AAD, but they just report the potential security risks and vulnerabilities.
Now, what can you do to stop or prevent the risks and vulnerabilities?
Azure AD Identity Protection enables you to configure automated responses to detected suspicious actions related to user identities.
You can define different policies to act against the potential risks, like requiring Azure MFA registration, MFA authentication, or password change for risky users. Alternately, you can block the risky user from signing in.
Azure AD Privileged Identity Management
Azure AD Privileged Identity Management (PIM) helps you to mitigate the risk of excessive, unnecessary, or misused access rights.
Do you need to review all the roles and permissions from time to time and remove unnecessary access?
Well, PIM reduces the need for reviews. Instead, you can proactively control who or what is accessing the resources, when, where, and why.
And, how do you like this level of supervision?
PIM allows time-bound access that requires approval from predefined approvers to activate a role, and sends notification emails to you when the role is activated.
Azure AD Identity Protection and Azure AD Privileged Identity Management are both part of the Azure Active Directory Premium P2 license.
Although the premium license can add extra cost for you, it is worthwhile. If you think about all the time and money you spend in recording your data and setting up your environment and applications, it is totally worth it to spend some money to protect it.