Within Azure AD Conditional Access, we can provide the sign-in risk level as a condition in our Conditional Access policy. If, for a user, it’s determined that his/her sign-in risk level is high, we can either block access, allow access, or allow access but require MFA. If, for a user, it’s determined that he/she has a high-risk level (as provided by the ML capabilities coming from Microsoft), we can either block access, allow access, or allow access but require a password change.

Functionality may change, even right after this post has been published.

This article covers the following topics:

Disclaimer: This post reflects the status of Azure AD Identity Protection as of April 7th 2020.

This outcome can later be used to define policies.

By leveraging Azure AD Identity Protection you are able to use the signals provided by Microsoft and trigger “actions” – the signals can also be leveraged in your conditional access policies. The outcome of risk is expressed as either High, Medium, Low or No Risk. Based on the risk, automatic investigation, remediation and sharing of that data with other solutions able to leverage it is possible.

One of the advantages of Microsoft having many customers using its services is that Microsoft can leverage data from those customers and apply some real fancy Machine Learning on that data, coming from Azure AD, Microsoft Accounts and even Xbox services.

Based on all that data the Machine Learning capabilities are able to identify identity risks.