Identity Protection
Azure AD feature that detects identity-based risks and enables automated responses to suspicious sign-ins.
What is Identity Protection?
Identity Protection uses machine learning to analyze billions of sign-ins and detect anomalies. It calculates sign-in risk (is this sign-in attempt suspicious?) and user risk (is this account likely compromised?). Risk signals include impossible travel, anonymous IP usage, password spray detection, and leaked credential detection from dark web monitoring.
In Microsoft 365
Azure AD Identity Protection requires P2 licensing. Sign-in risk policies can block or require MFA for risky sign-ins. User risk policies can force password changes for compromised accounts. Risk signals feed into Conditional Access policies for risk-based access decisions.
Examples
- 1Detecting impossible travel between locations
- 2Identifying sign-ins from anonymous IP addresses
- 3Detecting leaked credentials from dark web
Related TrueConfig Controls
These controls help implement and verify identity protection in your Microsoft 365 environment.
Frequently Asked Questions
What is Identity Protection?▼
How does Identity Protection work in Microsoft 365?▼
What are examples of Identity Protection?▼
Which TrueConfig controls relate to Identity Protection?▼
Related Terms
Sign-in Risk
Real-time assessment of the probability that a given sign-in attempt is not performed by the legitimate account owner.
User Risk
Assessment of the probability that a user account has been compromised based on accumulated risk signals.
Conditional Access
Policy-based access control that evaluates signals and enforces security requirements before granting access.