Azure Active Directory Identity Protection now offers enhanced federation support and European availability

Kareem Anderson

The updates for Azure Active Directory continue to roll in for customers. Alex Simons who is part of the enterprise mobility & security, identity & access management team seems pleased to bring customers of Azure Active Directory Identity Protection news of two additional updates to the service.

Customers using the public preview of AADIP should soon be benefitting from:

  • We’ve turned on support for our “Users at risk” for customers using federation for user authentication
  • Azure AD Identity Protection in now available and fully supported in Europe!

As part of Simons’ announcement, he called upon Salah Ahmed, a member of Azure’s Identity Protection team to help explain exactly what and how the new updates affect customers.

While Ahmed does a masterful job of rendering the subject matter reasonably distilled, his explanation is a bit more granular and dense, equipped with examples and walkthroughs for the new authentication process and navigation techniques for Azure Marketplace.

The long and short of Ahmed’s explanation is as follows:

What’s new today: Starting today, User Risk Policies are available for an organization using federated authentication (i.e. Something like an Active Directory Federation Server or Ping Federate). If the admin has configured a User Risk Policy, the next time a sign-in to Azure AD is detected from a user whose account might be compromised, the user is informed that their account is at risk.

As far as Azure AD Identity Protection for Europe is concerned:

Setting up Identity Protection in the Europe Geo only takes a couple of minutes. An Azure AD Premium license is required to use the full functionality of Identity Protection. To get started:

  1. Sign-in to Azure Preview Portal with global admin credentials
  2. Navigate to the Azure Marketplace and search for “Azure AD Identity Protection”. Click on the Identity Protection tile and click “Create.”
  3. You will be navigated to the Identity Protection onboarding blade. Click “Create” and sit back and relax while your Identity Protection service is set up. You are all done!

The new updates are just another set of expansion features coming to Azure Active Directory as it regards to security and authentication. Just a couple of months ago, the Azure team introduced extended risk-based conditional access to federate identities and judging by the importance Azure holds within Microsoft’s overall strategic future; we can assume even more security features will be rolling out in the months and years to come.