Identity Protection
Identity Protection Overview
Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks using insights from a vast array of signals collected daily. These risks, such as anonymous IP usage, password spray attacks, and leaked credentials, are assessed during sign-ins, generating a risk level that informs Conditional Access policies or integration with security tools like SIEMs.
Administrators can investigate risks through detailed reports on risky sign-ins and users, and remediation can be automated based on risk levels or handled manually through administrative review. Data from Identity Protection can be exported and integrated with other tools for extended analysis, archiving, and correlation, enhancing an organization's overall security posture.
Role Requirements:
Role
Can do
Can't do
View all Identity Protection reports and Overview Dismiss user risk, confirm safe sign-in, confirm compromise
Configure or change policies Reset password for a user Configure alerts
View all Identity Protection reports and Overview
Configure or change policies Reset password for a user Configure alerts Give feedback on detections
License requirements
Risk policies
Sign-in and user risk policies (via Identity Protection or Conditional Access)
No
No
Yes
Security reports
Overview
No
No
Yes
Security reports
Risky users
Limited Information. Only users with medium and high risk are shown. No details drawer or risk history.
Limited Information. Only users with medium and high risk are shown. No details drawer or risk history.
Full access
Security reports
Risky sign-ins
Limited Information. No risk detail or risk level is shown.
Limited Information. No risk detail or risk level is shown.
Full access
Security reports
Risk detections
No
Limited Information. No details drawer.
Full access
Notifications
Users at risk detected alerts
No
No
Yes
Notifications
Weekly digest
No
No
Yes
MFA registration policy
No
No
Yes
Last updated