Azure Identity Protection with New Risk Id feature
Microsoft recently released a few new AAD features, namely My Apps “collections” and new “risk detections” capabilities, into general availability. With these features, the company intends to simplifying identity and access management while also enhancing the customization and controls.
With the GA of user-based collections in Azure AD, users can now create and manage their personalized app collections in the My Apps Portal. With the My Apps collections, users can create tabs organized by app function, role, or other categories that make it easier to discover and access apps. Furthermore, these collections can also be surfaced in the Office portal – when users want to combine broad app launch within their Office productivity hub. Users will need to have an Azure AD Premium P1 or P2 license, to create the collections through the My Apps portal via the Azure portal.
Lastly, with the GA release of collections, Microsoft stated it would be available by default in all tenants, and no particular URL is required.
Besides My Apps collections, the company also released new risk detections in AAD Identity Protection. These new risk detections are the (MCAS):
- New Country – which looks for deviations in past user activity locations,
- Activity from Anonymous IP Address – which detects the use of an anonymous proxy address for access,
- and Suspicious Inbox Forwarding Rules – which checks for possibly dubious forwarding rules, such as a rule that sends e-mails to an external address.
Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory and with the expansion of detections, organizations will gain more insights into suspicious activities and the ability to respond quickly. Although the new detections are a part of the Azure AD Identity Protection service, users can still link back to the MCAS UI in the risk details to investigate further if necessary.
Users can stream logs from Azure AD Identity Protection into Azure Sentinel to stream alerts into Azure Sentinel to view dashboards, create custom alerts, and improve investigation. To be able to do this, they will need an Azure AD Premium 2 subscription.