Azure AD Identity Protection

Automate risk detection and remediation for identity-based risks.

A person sitting at their desk resting their head on their hand looking at a laptop.

What is Azure AD Identity Protection?

Stay informed about suspicious user and sign-in behavior in your environment. Use Azure AD to accomplish three key tasks.

Detection

Monitor for user and sign-in risks calculated based on identity threat detections from multiple sources.

Remediation

Build risk policies that balance security and productivity while reducing response time and lowering help desk costs.

Investigation

Prioritize high-risk users and sign-ins with a simplified user interface, risk insights, and recommendations.

A screenshot from the video of the panel of speakers.

Watch the video

See how Azure AD Identity Protection helps you prevent, detect, and remediate identity risks and secure your identity environment.

Capabilities

Intelligently detect and respond to compromised accounts using cloud-based AI and automation capabilities to identify compromised accounts quickly.

A multi-factor authentication registration policy, a user risk remediation policy and a sign-in risk remediation policy showing assignments, controls, and enforcement.

Enhance adaptive access policies with risk analysis

Enhance conditional access policies with real-time risk detection. Use risk scores to determine whether to block, allow, or allow with multifactor authentication or a password reset.

Revoke access immediately when conditions change

Automatically revoke access in near real time to Microsoft Exchange Online, SharePoint Online, and Microsoft Teams when critical events or policy violations are detected.

A risky users report in Azure showing users, risk state, risk level and risk last updated.

Investigate and remediate risk detections quickly

Compile reports of risky users, sign-ins, and events for a simple, end-to-end investigation and remediation experience in a single, cloud-based portal.

A multi-factor authentication registration policy, a user risk remediation policy and a sign-in risk remediation policy showing assignments, controls, and enforcement.

Enhance adaptive access policies with risk analysis

Enhance conditional access policies with real-time risk detection. Use risk scores to determine whether to block, allow, or allow with multifactor authentication or a password reset.

Revoke access immediately when conditions change

Automatically revoke access in near real time to Microsoft Exchange Online, SharePoint Online, and Microsoft Teams when critical events or policy violations are detected.

A risky users report in Azure showing users, risk state, risk level and risk last updated.

Investigate and remediate risk detections quickly

Compile reports of risky users, sign-ins, and events for a simple, end-to-end investigation and remediation experience in a single, cloud-based portal.

Get started with Azure AD

Azure AD Identity Protection is available with Azure AD Premium P2:

  • Microsoft 365 E5 includes a free 30-day trial of Azure AD Premium P2.
  • Azure and Office 365 subscribers can buy Azure AD Premium P2 online.

Documentation and training

Get started

Safeguard your organization with the Microsoft Entra identity and access management solution that connects people to their apps, devices, and data.

Azure AD empowers organizations to manage and secure identities for employees, partners, and customers to access the applications and services they need. Azure AD provides an identity solution that integrates broadly, from on-premises legacy apps to thousands of top software as a service (SaaS) applications, delivering a seamless end-user experience and improved visibility and control.