Microsoft Entra ID Protection

Microsoft Entra ID Protection

Watch the video to deepen your understanding.

Subscribe

Complete the full lesson to earn 25 points

Work through each section, then tap “Mark as Complete” on the last one.

Section 1 of 4

✦ Skip the page breaks and see fewer ads — read each lesson on a single page with Pro

Microsoft Entra ID Protection: Securing Identities with Adaptive Intelligence

Introduction: Why Identity Protection Matters

In the modern perimeter-less enterprise, the identity is the new security boundary. Attackers no longer "break in"; they "log in" using compromised credentials, session hijacking, or social engineering.

Microsoft Entra ID Protection is a feature of Microsoft Entra ID P2 that allows organizations to detect, investigate, and remediate identity-based risks. Instead of relying on static passwords, Entra ID Protection uses machine learning and behavioral analytics to assess the "risk level" of every sign-in attempt and user account, triggering automated responses when suspicious activity is detected.


How Entra ID Protection Works

Entra ID Protection operates on two primary pillars: Risk Detections and Risk Policies.

1. Risk Detections

The system continuously analyzes signals from billions of sign-ins across the Microsoft ecosystem. Detections are categorized into:

  • Sign-in Risk: Represents the probability that a specific authentication request is not authorized by the legitimate owner.
  • User Risk: Represents the probability that a user account has been compromised based on historical behavior and leaked credentials.

Common Detection Types:

  • Anonymous IP address: Sign-in from an anonymizer (e.g., Tor browser, VPN).
  • Unfamiliar sign-in properties: Sign-in from a device or location not previously associated with the user.
  • Leaked credentials: Detection that the user’s username/password pair has been published on the dark web.
  • Malware linked IP address: Sign-in from an IP address known to be infected with malware.

2. Risk Policies

Policies allow you to automate the response to these detections. You can define what happens when a risk threshold (Low, Medium, or High) is met.

  • User Risk Policy: If a user’s account is deemed "at-risk," you can force a password reset.
  • Sign-in Risk Policy: If a sign-in is deemed "at-risk," you can force Multi-Factor Authentication (MFA) or block access entirely.

Note: To use these policies, you must have Microsoft Entra ID P2 licensing.


Section 1 of 4
PrevNext