Microsoft Identity Management Tools Protect Your Users and Your Data
Identity and access management ensures that only authorized users can access systems, and it matters even more when you use the cloud. Monitoring the way these identities are used can help you recognize suspicious activity. The identity controls provided by Microsoft allow you to provide secure access and recognize attempts at unauthorized access.
Secure Access Using Microsoft Identity Tools
Active Directory is the key identity management tool for defining users within your Microsoft infrastructure. User identities can be shared between on-premises systems and the Azure cloud, allowing a single identity with a single management process. Using conditional access policies, you can fine-tune how users access their applications.
Once user identities are defined and permissions are specified, multifactor authentication ensures users have to pass several layers of verification before access is granted. Windows Hello eliminates the use of insecure passwords.
Identify Suspicious Behavior
Because identities can be stolen, and even legitimate users can perform unauthorized actions, monitoring usage is necessary to ensure systems are used properly.
Azure AD Identity Protection provides risk detection and remediation for the following types of risky behavior:
- access attempt from an unusual location
- use of an anonymous IP address
- access attempt from an IP address known for malicious activity
- unusual sign-in properties
- credentials known to have leaked
- other threats known to Microsoft Azure
Several of these risks are detected and responded to in real time, while the others are determined offline. You can define policies to mitigate the risks, such as requiring users to complete multifactor authentication (if not previously required) or reset passwords, or blocking their access. All collected data can be exported into third-party tools for further analysis.
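As an added illustration (not Microsoft's or Prescient Solutions' code), the following sketch triages exported risk detections per user and proposes one of the mitigations named above. It assumes the export is JSON whose field names and values follow the Microsoft Graph riskDetection resource; the sample records are constructed, and the mapping from risk to action is an example policy, not a product default.

```python
import json
from collections import defaultdict

# Constructed sample export; field names are modeled on the Microsoft Graph
# riskDetection resource (assumption: your export uses the same names).
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com", "riskEventType": "unlikelyTravel",
     "riskLevel": "medium", "detectionTimingType": "offline", "ipAddress": "203.0.113.7"},
    {"userPrincipalName": "alice@example.com", "riskEventType": "anonymizedIPAddress",
     "riskLevel": "low", "detectionTimingType": "realtime", "ipAddress": "198.51.100.9"},
    {"userPrincipalName": "bob@example.com", "riskEventType": "leakedCredentials",
     "riskLevel": "high", "detectionTimingType": "offline", "ipAddress": None},
    {"userPrincipalName": "carol@example.com", "riskEventType": "maliciousIPAddress",
     "riskLevel": "high", "detectionTimingType": "realtime", "ipAddress": "192.0.2.44"},
    {"userPrincipalName": "dave@example.com", "riskEventType": "unfamiliarFeatures",
     "riskLevel": "low", "detectionTimingType": "realtime", "ipAddress": "198.51.100.20"},
])

# Unrecognized levels (for example "hidden") are treated as 0.
LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}

def recommend(detections):
    """Pick the strongest mitigation justified by one user's detections."""
    types = {d["riskEventType"] for d in detections}
    worst = max(LEVELS.get(d["riskLevel"], 0) for d in detections)
    if "leakedCredentials" in types:
        return "reset_password"  # the password itself is known to be exposed
    if worst >= LEVELS["high"]:
        return "block_access"
    if worst >= LEVELS["medium"] or len(types) > 1:
        return "require_mfa"     # medium risk, or several distinct signals
    return "monitor"

def triage(export_json):
    """Group exported detections by user and return {user: summary}."""
    by_user = defaultdict(list)
    for record in json.loads(export_json):
        by_user[record["userPrincipalName"]].append(record)
    return {
        user: {
            "action": recommend(dets),
            "realtime": sum(d["detectionTimingType"] == "realtime" for d in dets),
            "offline": sum(d["detectionTimingType"] == "offline" for d in dets),
        }
        for user, dets in by_user.items()
    }

if __name__ == "__main__":
    for user, summary in sorted(triage(SAMPLE_EXPORT).items()):
        print(user, summary)
```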
Because privileged accounts present increased risks, you should take special care to monitor their use. Azure AD Privileged Identity Management provides fine-grained control and monitoring of administrator accounts.
Responding to Suspicious Behavior
It isn’t enough to identify suspicious behavior; you need a plan for responding to it. In some cases, the automatic handling is all the action you need. In other cases, you’ll need to conduct a review to determine whether there was an actual breach and whether any sensitive data was exposed or tampered with. In the case of a breach, there are legal and ethical responsibilities regarding notification of the affected users. If data was tampered with, you may need to use your backup and recovery procedures to restore uncorrupted data.
Cybersecurity services from Prescient Solutions ensure a safe environment for your users across Microsoft and all your platforms. Contact us to learn how we can help you define an identity and access management strategy that provides users with seamless access to all their systems while protecting vital company data.