Lately, I have blogged about security in the cloud, but as many of you know, most security breaches take place when attackers gain access to an environment by stealing a user’s identity.
It is relatively easy for attackers to gain access by compromising low-privileged user accounts and then escalating from their permissions to those of super users.
Because of this, we must:
- Protect all identities regardless of their privilege level
- Proactively prevent compromised identities from being abused
For example, Azure has the following services for Identity Management:
- Single sign-on
- Role based access control
- Reverse Proxy
- Device registration
- Hybrid identity management/Azure AD connect
But what about identity protection? We can find the following features:
Azure Multi Factor Authentication
I have talked about MFA before: the use of strong passwords together with another layer of security. For me, nowadays it is essential to deploy it in companies. Therefore, even if a user's password is compromised, hackers cannot access your data and applications.
Security Monitoring, alerts, and machine learning-based reports
With AAD it is possible to monitor and secure identities as well as draw reports that provide a comprehensive view of activity in the cloud. As an example, we can find the following:
- Do you want to know who has signed in to your cloud applications, when, to which application, and from where? Check the AAD Sign-ins Report.
- Do you want to know who has done which activity and when? Check the AAD Audit Logs Report.
- Do you want to know which identities are at risk? Check the AAD Users Flagged for Risk Report.
- Do you want to know the risk events, such as users who signed in from an anonymous IP address? Check the AAD Risk Events Report.
Azure AD Identity Protection
In any edition of AAD we can find the monitoring and security reports, but only as a matter of reporting. If you want to automate responses to detected suspicious actions, that is where AAD Identity Protection comes in.
You will be able to set different policies to act against the defined potential risks, such as requiring Azure MFA registration, MFA authentication, or a password change for risky users. Alternatively, you can block the risky user from signing in.
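To make the reports and the policy actions above concrete, here is an added example that is not part of the original post and not Microsoft's code: a small evaluator that scans constructed, Azure AD-style sign-in records, reproduces the gist of the "Users flagged for risk" and "Risk events" reports, and maps each sign-in's risk level to one of the policy actions the post lists (require MFA, or block). Field names follow the Microsoft Graph `signIn` resource (`userPrincipalName`, `ipAddress`, `appDisplayName`, `riskLevelDuringSignIn`, `riskEventTypes`), but the records, the risk thresholds in `DEFAULT_POLICY`, and the function names are assumptions made for this illustration, not a real Identity Protection policy or real log output.

```python
"""Added example: evaluate constructed Azure AD-style sign-in records against
an assumed risk policy. Not code from the original post or from Microsoft."""
import json
from collections import Counter

# Constructed sample sign-in records (NOT real log data). Field names follow
# the Microsoft Graph signIn resource; every value below is made up.
SAMPLE_SIGNINS = json.dumps([
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
     "appDisplayName": "Office 365 Exchange Online",
     "riskLevelDuringSignIn": "none", "riskEventTypes": []},
    {"userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.7",
     "appDisplayName": "Office 365 SharePoint Online",
     "riskLevelDuringSignIn": "medium", "riskEventTypes": ["unfamiliarFeatures"]},
    {"userPrincipalName": "carol@example.com", "ipAddress": "192.0.2.44",
     "appDisplayName": "Azure Portal", "riskLevelDuringSignIn": "high",
     "riskEventTypes": ["anonymizedIPAddress", "unlikelyTravel"]},
    {"userPrincipalName": "dave@example.com", "ipAddress": "192.0.2.99",
     "appDisplayName": "Azure Portal", "riskLevelDuringSignIn": "low",
     "riskEventTypes": ["anonymizedIPAddress"]},
])

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}

# Assumed policy for this illustration (not a real Identity Protection policy):
# medium risk requires MFA, high risk blocks the sign-in, anything lower is
# allowed but still shows up in the reports.
DEFAULT_POLICY = {"medium": "require_mfa", "high": "block"}


def load_signins(text):
    """Parse a JSON array of sign-in records into a list of dicts."""
    records = json.loads(text)
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of sign-in records")
    return records


def normalize_level(level):
    """Unrecognised or missing levels (e.g. the Graph value 'hidden') are
    treated as medium so the evaluator fails closed rather than allowing."""
    return level if level in RISK_ORDER else "medium"


def decide_action(record, policy=DEFAULT_POLICY):
    """Return the policy action for one sign-in record."""
    score = RISK_ORDER[normalize_level(record.get("riskLevelDuringSignIn"))]
    action = "allow"
    # Walk thresholds from lowest to highest; keep the last one the score reaches.
    for threshold, threshold_action in sorted(policy.items(),
                                              key=lambda kv: RISK_ORDER[kv[0]]):
        if score >= RISK_ORDER[threshold]:
            action = threshold_action
    return action


def apply_policy(records, policy=DEFAULT_POLICY):
    """Evaluate every record; returns (user, app, ip, level, action) tuples."""
    return [
        (r.get("userPrincipalName"), r.get("appDisplayName"), r.get("ipAddress"),
         normalize_level(r.get("riskLevelDuringSignIn")), decide_action(r, policy))
        for r in records
    ]


def users_flagged_for_risk(records):
    """Like the 'Users flagged for risk' report: the highest risk level seen per
    user, omitting users whose sign-ins were all risk-free."""
    worst = {}
    for r in records:
        user = r.get("userPrincipalName")
        level = normalize_level(r.get("riskLevelDuringSignIn"))
        if level == "none":
            continue
        if RISK_ORDER[level] > RISK_ORDER[worst.get(user, "none")]:
            worst[user] = level
    return worst


def risk_event_report(records):
    """Like the 'Risk events' report: how often each detection type fired."""
    return Counter(ev for r in records for ev in r.get("riskEventTypes", []))


if __name__ == "__main__":
    signins = load_signins(SAMPLE_SIGNINS)
    for user, app, ip, level, action in apply_policy(signins):
        print(f"{user:<20} {app:<30} {ip:<15} {level:<7} -> {action}")
    print("Users flagged for risk:", users_flagged_for_risk(signins))
    print("Risk events:", dict(risk_event_report(signins)))
```

Running the script prints one line per sign-in with the action the assumed policy would take, followed by the two report summaries. The real service evaluates its own detections in the sign-in pipeline; the value of a toy like this is to make explicit which reports you would be reading by hand, and which decisions a policy would take for you, before paying for the licence.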
Azure AD Privileged Identity Management
Lastly, AAD Privileged Identity Management (PIM) helps you mitigate the risk of excessive, unnecessary, or misused access rights.
PIM reduces the need for reviews. Instead, you can proactively control who or what is accessing the resources, when, where, and why. It also allows time-bound access that requires approval from predefined approvers to activate a role, and sends notification emails to you when the role is activated.
Take into account that some of these features require an AAD Premium P2 license, but sometimes an extra cost is necessary: think of what you would lose (in money and reputation) if someone external to your company gained access to your data 😉