Summary

In this chapter, we examined Azure AD Identity Protection, which can be accessed from the Azure portal. We demonstrated how Identity Protection detects and records risky users, risky sign-ins, and risk events, and also provides us with the ability to review, investigate, and remediate these events with powerful preventative measures such as blocking user access, forcing password changes, or requiring MFA.

We also showed how reports and alerts can be generated and interpreted. Understanding these principles will enable you to effectively and diligently manage Azure AD Identity Protection in your Microsoft 365 environment and take the necessary steps to ensure that compromised users are identified and remediated in a timely fashion.

In the next chapter, we will examine the principles of Azure Advanced Threat Protection. We will show you how to plan for and configure ATP, as well as how to monitor and interpret the reporting features.