Differences

This shows you the differences between two versions of the page.

--- azure:az-500:manage_secure_access_by_using_azure_ad [2022/07/21 14:05] – [Sign-in Risk Policy] mmuze
+++ azure:az-500:manage_secure_access_by_using_azure_ad [2022/07/22 23:17] (current) – [§ Identity Protection] mmuze
@@ Line 12: / Line 12: @@
   * [[azure:az-500:azure_privileged_identity_management|Azure Privileged Identity Management]]
-====== § Identity Protection ======
+====== Identity Protection ======
+  * Identity Protection provides policies for a few common scenarios.
+  * These policies require an AAD P2 license
+  * [[https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies]]
+  * These are under ''Azure AD/Manage/Security/Identity Protection/Protect'' and include these:
+    * **Azure AD MFA registration policy** - requires users to register for MFA
+    * **Sign-in risk policy** - a risk score is calculated to indicate the likelihood that a sign-in was not performed by the user. Based on this score administrators can choose to block access, allow access or allow access but require multi-factor authentication.
+    * **User risk policy** - a risk score is calculate to indicate the likelihood that a user account has been compromised. Based on this score administrators can choose to block access, allow access or allow access but require a password change.
+  * [[https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection]]
 Identity Protection is a tool that allows organizations to accomplish three key tasks:
@@ Line 42: / Line 51: @@
 ===== Azure MFA Registration Policy =====
   * As a best practice it is recommended to require MFA and this policy does that.
+  * MFA **Enabled** = The admin has enabled MFA on the account, but the user hasn't set it up.
+  * MFA **Enforced** = The user has completed the setup of their MFA.
+  * [[https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates#azure-ad-multi-factor-authentication-user-states]]
 ===== Risk Events =====
@@ Line 61: / Line 73: @@
 {{:azure:az-500:conditional-access-overview-how-it-works.png|}}
-  * When organizations both include and exclude a user or group the user or group is excluded from the policy, as an exclude action overrides an include in policy.
 ====== Azure AD Access Reviews ======
+  * **Access Reviews** refers the features in Azure and process around it to periodically review user access to make sure only the right people have continued access.
   * Requires an Azure AD P2 license
+  * Access Reviews can be use to see who has administrative access, who is a Global Administrator, who is a guest/external user.
+  * There are multiple types of reviews as shown here, [[https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#where-do-you-create-reviews]]
+      * security/Office 365 groups
+      * application access
+      * AAD role
+      * ARM/RBAC roles
   * As part of creating an Access Review you specify things like the frequency of the review and who will do the review.
   * [[https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review]]
+  * **Licensing:** [[https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection]]