Welcome back, everyone. We hope
you've already seen the product
overview video of Azure AD Identity Protection. In this
video we will cover how you can
quickly deploy Identity
Protection in your organization.
Sarah, could you please help us
understand how an organization
can leverage Identity Protection to protect its users?
Absolutely. The first step is
setting up your policies. The
sign-in risk policy is an
automated response you can
configure for a specific sign-in
risk level. In your response you
can block access to resources or require passing a multi-factor
authentication, or MFA, challenge
to prove their identity in order
to gain access. So let's dive
into the policy. When you configure
the sign-in risk policy you
need to set the users and groups
that it applies to.
The sign-in risk level that
will trigger the policy or
the condition. Here, we've
selected medium or above.
And the controls that you're
going to put in place to deliver
the type of experience you want
when the specific sign-in risk
level has been met. Here we have
the option to block access or
allow access but require MFA.
Then we need to enforce the
policy. One important thing to
note is that the require MFA
setting will only work for users
that have already registered for
MFA. If you target this policy
to a user that hasn't registered
for MFA, their access will be
blocked if they try to sign in
and have a sign-in risk level
at or above your threshold. And
here's something interesting. IT admins can use sign-in risk as
a condition in multiple
Conditional Access policies
outside of Identity
Protection.
Thanks, Sarah. Defining
the login experience based on
the risk level of a sign-in is
a very effective way to prevent
compromises. Now can you show us
how IT admins can change the
login experience based on the
user's previous risky logins?
Absolutely.
We can do that with a user risk
policy. The user risk policy is an
automated response that remediates a user when they
meet a specified risk level. When
a user is at risk, it means that
there's a high likelihood that
their credentials have been
compromised, which is why this
policy allows you to block
access to the resources or
require the user to reset their
password to return them to a safe state.
To configure the user risk
policy, you will need to
set the users and groups
that the policy applies to.
The user risk level that will
trigger this policy.
And the type of access you want
to be enforced when the specified
user risk level has been met. Here your options are block
access or allow access, but
require a password change, then
we enforce the policy and you're
done. The great thing about
these policies is that they save
your IT admins time by
automating these responses and
protections, and can give you peace of mind knowing that the power of Azure AD is behind
protecting your sign-ins and users.
Great, these policies were
pretty easy to set up. Do you have any other advice around
these policies? Yes, we
recommend doing a staged rollout
for these policies. Essentially
start small with a select group
of users or groups to deploy
these policies to, and then
expand to your broader
organization. Also you should
ensure users register for MFA
and self-service password reset
before you deploy the Identity
Protection policies to make this
process easier. We even have an
MFA registration policy within
Identity Protection that can
assist with your rollout of MFA.
Thank you, Sarah. We hope this
video helps you roll out
Identity Protection in your
organization. Join us in our next video
where we will share how IT
admins can use Identity Protection on
a daily basis.
