Who is Your Company's Riskiest User?

Chris Nicholas • August 11, 2017
GET MICROSOFT VIRTUAL DESKTOP FOR YOUR BUSINESS

Wouldn’t it be great if we could detect when our user accounts were being used in places it would have been impossible for us to travel to? How protected would you feel if you knew users exhibiting risky, anomalous behavior were automatically challenged for a second layer of authentication? Maybe we should run a system to alert administrators when these kinds of things were going on!


If you haven't guessed it so far, my cheesy delivery is failing. We can do all of that today.


Azure Active Directory Identity Protection is the very same security Microsoft uses to protect its own internal identities. It incorporates machine learning algorithms and heuristics to detect, assess and if configured, take action on suspicious behavior.


The automatic responses to risky situations means we can impose tougher security when it is called for, situationally. The user benefits because normal behavior is rewarded with a less authentication challenged experience. Automatic responses include multi-factor authentication enforcement or even a password reset. It can be tuned to be extremely sensitive to risk, or take action only when very obvious malicious activity is occurring.


We can report on the riskiest user accounts, review security posture recommendations and look at all of that on pretty dashboards.

I've included a few of the more interesting screenshots and the link to the Microsoft documentation on this technology.


Identity Protection capabilities


Detecting vulnerabilities and risky accounts:


  • Providing custom recommendations to improve overall security posture by highlighting vulnerabilities
  • Calculating sign-in risk levels
  • Calculating user risk levels


Investigating risk events:


  • Sending notifications for risk events
  • Investigating risk events using relevant and contextual information
  • Providing basic workflows to track investigations
  • Providing easy access to remediation actions such as password reset


Risk-based conditional access policies:

  • Policy to mitigate risky sign-ins by blocking sign-ins or requiring multi-factor authentication challenges.
  • Policy to block or secure risky user accounts
  • Policy to require users to register for multi-factor authentication

 

Identity Protection dashboard.

The dashboard gives you access to:


  • Reports such as Users flagged for risk, Risk events and Vulnerabilities
  • Settings such as the configuration of your Security Policies, Notifications and multi-factor authentication registration


Users flagged for risk dashboard

User risk levels

Review sign-ins from anonymous networks


It goes on, and alas I have brevity requirements to observe! If you want to know more about getting this enabled, the best practices surrounding these features or how you can utilize Azure Active Directory, a conversation would be a great starting point!

CONTACT US TO LEARN MORE ABOUT THIS TOPIC OR TO SCHEDULE A CALL
Data security needs layers of protection throughout its lifecycle. Akins IT and Microsoft Purview

Why MFA Alone Isn't Enough: Enhancing Security with Microsoft Conditional Access

By Shawn Akins May 15, 2025
Strengthening Your Security Posture with Dynamic Access Control

Alternatives to VMware: Cost-Effective Virtualization Solutions for Your Business

By Shawn Akins May 15, 2025
Discover Affordable and Reliable Virtualization Platforms

Comparing Mimecast Email Security vs M365 Email Security: A Comprehensive Guide

By Shawn Akins May 13, 2025
Discover the Key Differences Between Mimecast and M365 Email Security Solutions and Learn Why Akins IT is Your Trusted Partner for Email Protection
More Posts