Identity Protection
Last updated
Last updated
Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks using insights from a vast array of signals collected daily. These risks, such as anonymous IP usage, password spray attacks, and leaked credentials, are assessed during sign-ins, generating a risk level that informs Conditional Access policies or integration with security tools like SIEMs.
Administrators can investigate risks through detailed reports on risky sign-ins and users, and remediation can be automated based on risk levels or handled manually through administrative review. Data from Identity Protection can be exported and integrated with other tools for extended analysis, archiving, and correlation, enhancing an organization's overall security posture.
| Capability | Details | Microsoft Entra ID Free / Microsoft 365 Apps | Microsoft Entra ID P1 | Microsoft Entra ID P2 |
|---|---|---|---|---|
Role
Can do
Can't do
Full access to Identity Protection
Reset password for a user
View all Identity Protection reports and Overview Dismiss user risk, confirm safe sign-in, confirm compromise
Configure or change policies Reset password for a user Configure alerts
View all Identity Protection reports and Overview
Configure or change policies Reset password for a user Configure alerts Give feedback on detections
Read-only access to Identity Protection
Reset user passwords
Risk policies
Sign-in and user risk policies (via Identity Protection or Conditional Access)
No
No
Yes
Security reports
Overview
No
No
Yes
Security reports
Risky users
Limited Information. Only users with medium and high risk are shown. No details drawer or risk history.
Limited Information. Only users with medium and high risk are shown. No details drawer or risk history.
Full access
Security reports
Risky sign-ins
Limited Information. No risk detail or risk level is shown.
Limited Information. No risk detail or risk level is shown.
Full access
Security reports
Risk detections
No
Limited Information. No details drawer.
Full access
Notifications
Users at risk detected alerts
No
No
Yes
Notifications
Weekly digest
No
No
Yes
MFA registration policy
No
No
Yes