Issue link: https://insights.oneneck.com/i/1482798
January 2020 17 Identity protection A compromised identity credential, even one with low-level privileges, is all hackers need to gain entry into an organization to begin moving laterally, undetected, to gain access to mission-critical systems and data. There are countless cases of documented data breaches in which a payload was delivered through a compromised user login and then used to sniff out other username/password combinations, over the course of months or even years, to eventually gain administrator privileges and access to critical systems and data. To implement strong identity, organizations need a way to rapidly detect compromised identities and proactively prevent them from being misused. Azure AD Identity Protection uses heuristics and adaptive machine learning to detect anomalous behavior and suspicious incidents that indicate potentially compromised identities. It generates alerts and reports that enable administrators to evaluate detected issues and take the appropriate action to remediate or mitigate the issue. Administrators can configure risk-based policies within Azure AD Identity Protection to automatically respond to detected risks. Policies can be configured to automatically block access when a specified risk threshold has been reached or to require MFA, a password reset, or other adaptive remediation actions. Administrators also can set policies for responding to suspicious user activity or risky sign-ins such as those from an anonymous IP address or unfamiliar location. How strong identity management provides a foundation for 'Zero Trust' security