Welcome everyone and thank you
for being here. The topic for
today's discussion is Azure
Active Directory Identity
Protection. My name is Rajat Luthra and I'm a senior program
manager at Microsoft identity
security and protection team, so
everyone. My name is Sarah
Handler and I'm also a program
manager at Microsoft Identity
security and protection team. Today,
we're going to talk about what
identity protection is and how
it works.  Azure AD Identity
Protection is an identity admin’s toolbox to prevent, detect and
remediate identity risk in their
organization. It monitors every
login for identity compromise
using numerous detections. These
detections can be based on heuristics.
Or machine learning or they can
come from partner products. Can
you share what we do with these
detections that identity
protection. Sure these addictions
are super valuable the secret
sriracha sauce of Identity Protection. We use these
detections to calculate user
risk an sign in risk. User risk
represents the probability an
identity is compromised whereas
sign in the probability
assigning is compromised. The
sign-in risk can be off real time
or aggregate type real time sign
in risk is based exclusively on
detections made during the sign
in. Where is aggregate sign in
risk is based on all detections,
including the ones that are
issued after the sign is taking
place. These risks are shown as
high medium or low in Identity protection.
Interesting can you share how we
use these detections to help our
customers Sure these detections are like sunny days in Seattle.
They're very valuable. Customers can
use these risks to set up
automated remediation policies.
For example, users policy or
sign in this policy. These
responses help organisations
multiple ways. Number one they
balance security and
productivity. For example, all signs
are not challenged with MFA.
However, if risk is detected on
a sign in or a user, we will
challenge the sign in based on
these policies. Number 2 they
reduce the time to respond after
a compromise. Number 3 they
reduce help is cost once you set
up the policies, no manual
intervention is required.
And  finally, number 4, they reduce the volume
of this data, IT admins how to
deal with manually on a daily
basis. That's super cool. We
recently made a lot of changes to identity protection. Can you
share what's changes? Sure so
we're always looking for a new
acronym. I'm just kidding. We've
been doing a lot of
improvements. Let's start with
the UI. The UI is now much more intuitive and
integrated. Number one we have
simplified risk for our
overburdened ID admins. They now
have only 2 major types of risk
in their direct line of sight
user risk and sign in risk
Number 2. We've integrated with
the signings report so IT admins
do not need to correlate
detections with signings
anymore, rather than showing IT
admins isolated detections, we now show them
risky sign-ins. IT admins can
click on a sign in and learn
more including how and why
was a sign in risky?
Number 3 we now provide deep
risk insights and
recommendations throughout the
feature and number 4 IT admins
can immediately protect their
users by giving us feedback on
our risk assessment. We feed this intel back into our machine
learning systems for future
detections and finally customers
can now filter, sort and perform
bulk actions across all reports of Identity Protection. So basically we just
have a new UI right? Well UI is just the tip of the iceberg.
The enhancements are every layer
behind the UI you'll find some
very powerful Microsoft graph APIs. Customers can use these
APIs to get information on risky
users risky sinins or just the
underlying detections. Now let's
look at our risk assessment engin we
made a lot of improvements
there. We've added a new layer
of machine learning to come up
with an aggregated sign in risk
with this sign in risk. IT
admins can now prioritize high risk sign-ins. Just like they've been
prioritizing high risk users
over the others talking about
high risk users. we’ve significantly improved our user risk assessment
to consume not just the
individual detections, but also
other sign in information. We've
improved both precision and
recall of our user risk
assessment this way. So to sum
up. we reached out to a lot of IT admins and asked them some
very tough questions. We ask
them about their dreams and
learned about their nightmares
instead. The top trending nightmares
were risky users and risky
sig-ins. These are the entities.
They were most concerned about
we have aligned the entire
identity protection around
these entities. IT admins can now
have automated policies detailed
reports powerful APIs and
enhance machine learning for
both risky users and risky
sign-ins. Thanks Rajat  for that
overview of identity
protection and the recent
changes that we've made. Join
us for our next video where  will
discuss how to successfully
deploy identity protection.
