Azure AD Identity Protection Part 2

Video Transcription
Hello, Cybrarians. Welcome to this lesson on Azure AD Identity Protection, part two. This is part of the AZ-500 Microsoft Azure Security Technologies course.
This lesson is a continuation of a discussion from the last lesson, so I strongly encourage you to review the previous lesson before watching this one. Here are the topics that we'll be covering in this lesson.
We'll start by discussing the configuration options that we can implement to automatically apply controls based on detected risk events, using either Identity Protection policies or risk-based conditional access policies. We'll conclude by discussing the Azure AD roles that have access to Identity Protection and the level of access that they have.
Let's get into this. It is good that we have these risks and indicators of compromise detected by Identity Protection. However, we may want to automatically take actions based on the risks that are detected.
To do this, we have two options: using Identity Protection policies, or implementing risk-based conditional access policies. Let's look at these options in more detail.
Azure AD Identity Protection includes three default policies that administrators can choose to enable to automatically respond to detected risks. We have the MFA registration policy, which can be used to require users to register for MFA. We have the user risk policy, which can be used to block access, allow access or even require a password change based on the risk level of a user. Then we have the sign-in risk policy, which can also be used to block access, allow access or allow access with MFA required, based on the risk level of a sign-in event.
Here's a visual representation of how Identity Protection policies work. First, we configure the default policies in Identity Protection.
This policy is a classic if-then statement policy. In other words, when these conditions are detected, apply these controls.
So when the user accesses an Azure AD application, they are redirected to authenticate to the directory, which validates the password and forwards the request to Identity Protection. Identity Protection then evaluates the policies and applies the controls.
The MFA registration policy can be used to require MFA registration.
The user risk policy can be used to allow or block access to the application, or force a password reset, based on the detected user risk level that we discussed previously. The sign-in risk policy can be used to allow or block access to the application, or require MFA, based on the detected sign-in risk level.
The downside to using this option to apply risk detection controls is that it supports very little customization. For example, this cannot be applied on an individual application level. Whatever we configure here will apply to all applications.
The other option to apply controls based on risk detection is to use a conditional access policy. You may have noticed the option to use sign-in risk as a condition in conditional access when we went through that module.
This option can only be used with Identity Protection configured. The advantage is that we can customize the controls on an application level. For example, we can use risk detection levels as a condition only for highly sensitive applications, if we so choose.
Now, due to the sensitivity of the security information that can be accessed in Identity Protection, there is a requirement for a user to have certain Azure AD roles to be able to access the service.
The Global Administrator and Security Administrator roles in Azure AD have full access to Identity Protection.
The Security Operator role in Azure AD can view Identity Protection reports and respond to risk events, but they cannot configure or change risk policies. The Security Reader role in Azure AD can only view the reports. They cannot respond to risk events or configure risk policies.
Here's a quick question for you.
You have an Azure AD tenant named Super Cloud Start X Y Z. The tenant contains the users shown in the following table. Which of the users can access Azure AD Identity Protection?
Option one is User 3 only. Option two is User 1 and User 2 only. Option three is User 1, User 2 and User 3.
If you selected option one, User 3 only, you would be correct, because only User 3 is assigned an Azure AD role that has access to Identity Protection, and that is the Global Administrator role in this case.
Here are some supplementary links for further studies on the topics covered in this lesson and in the last lesson.
Here's a summary of the topics that we covered in this lesson.
We started by discussing the response options that we can implement in relation to detected risk events, and the first option that we covered is the Identity Protection policies. Then we covered risk-based conditional access policies, and we concluded by discussing the permissions necessary to access Identity Protection and the levels of access that each role has.
Thanks very much for watching, and I'll see you in the next lesson.
AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.
