How to Set Up Identity Protection with Azure Active Directory

November 30, 2023

Azure Active Directory (Azure AD) Identity Protection is a feature that helps you manage potential vulnerabilities in your organization’s identities and provides a consolidated view of suspicious activities that need to be investigated. Setting up Identity Protection involves several steps focused on configuring policy settings, reviewing risk detections, and investigating risks. Below is a detailed guide for setting up Identity Protection with Azure Active Directory.


Prerequisites

  • An Azure subscription.
  • Azure AD Premium P2 (or a trial version) is required to access Azure AD Identity Protection capabilities.
  • Necessary permissions: Global Administrator or Security Administrator roles.

1. Enable Azure AD Identity Protection

  • Sign in to Azure Portal
    • Navigate to the Azure portal.
    • Sign in with an account that is assigned to the required administrator role.
  • Locate Azure AD Identity Protection
    • On the left-hand side, select “Azure Active Directory” to open the Azure AD service.
    • Scroll down to the “Security” section and click on “Identity Protection”.

2. Configure Risk Policies

  • Sign-in Risk Policy
    • Click on “Sign-in risk policy”.
    • Define when a user sign-in is considered risky and choose the level of risk you want to mitigate.
    • Decide the action (Allow access, Allow limited access, Block access).
    • Set the policy to “On” and save your changes.
  • User Risk Policy
    • Go back to the main Identity Protection page.
    • Select “User risk policy”.
    • Similarly, determine when a user should be considered at risk.
    • Choose the appropriate response (Allow access, Allow limited access, Require password change).
    • Activate the policy by switching it to “On” and save.

3. Review and Remediate Risks

  • Review Risky Users
    • From the main Identity Protection page, click on “Risky users”.
    • Here, you will see a list of users that have been identified as risky.
    • Investigate each user’s risk events to understand the nature of the risk.
    • Take appropriate remediation actions, such as resetting passwords or revoking tokens.
  • Review Risky Sign-ins
    • Select “Risky sign-ins” to see sign-ins that have been flagged as risky.
    • Analyze the sign-ins, looking at the sign-in location, device, and sign-in properties.
    • Take action if necessary, such as requiring Multi-Factor Authentication (MFA) or securing user accounts.
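
The review in step 3 can also be scripted against risk detections exported from Microsoft Graph. The following Python triage is an added example, not part of the original article or of Microsoft's tooling. The sample records are constructed in the shape of the Graph riskDetections resource, and the mapping from risk level to action in recommend() is an assumed local rule built from the remediation options named above.

```python
import json
from collections import defaultdict

# Constructed sample shaped like Graph GET /identityProtection/riskDetections output.
SAMPLE = json.loads("""{"value": [
 {"userPrincipalName": "alice@contoso.example", "riskEventType": "unfamiliarFeatures",
  "riskLevel": "medium", "riskState": "atRisk", "activity": "signin", "ipAddress": "203.0.113.10"},
 {"userPrincipalName": "alice@contoso.example", "riskEventType": "leakedCredentials",
  "riskLevel": "high", "riskState": "atRisk", "activity": "user", "ipAddress": null},
 {"userPrincipalName": "bob@contoso.example", "riskEventType": "anonymizedIPAddress",
  "riskLevel": "medium", "riskState": "atRisk", "activity": "signin", "ipAddress": "198.51.100.7"},
 {"userPrincipalName": "carol@contoso.example", "riskEventType": "unlikelyTravel",
  "riskLevel": "high", "riskState": "remediated", "activity": "signin", "ipAddress": "192.0.2.44"},
 {"userPrincipalName": "dave@contoso.example", "riskEventType": "unfamiliarFeatures",
  "riskLevel": "low", "riskState": "atRisk", "activity": "signin", "ipAddress": "192.0.2.80"}
]}""")["value"]

RANK = {"low": 1, "medium": 2, "high": 3}          # "none"/"hidden"/missing rank as 0
OPEN_STATES = {"atRisk", "confirmedCompromised"}   # detections that still need an analyst

def recommend(level, user_level, compromised):
    """Illustrative local triage rule (an assumption, not Microsoft's logic)."""
    if compromised or level == "high":
        return "reset password and revoke tokens"
    if user_level:                                 # user-linked detection, e.g. leaked credentials
        return "reset password"
    return "require MFA" if level == "medium" else "monitor"

def triage(detections):
    """Group open detections per user and rank users by their worst risk level."""
    per_user = defaultdict(list)
    for d in detections:
        if d.get("riskState") in OPEN_STATES:      # skip remediated/dismissed/confirmedSafe
            per_user[d["userPrincipalName"]].append(d)
    rows = []
    for upn, ds in per_user.items():
        level = max((d.get("riskLevel") for d in ds), key=lambda l: RANK.get(l, 0))
        user_level = any(d.get("activity") == "user" for d in ds)
        compromised = any(d["riskState"] == "confirmedCompromised" for d in ds)
        rows.append({"user": upn, "level": level,
                     "events": sorted({d["riskEventType"] for d in ds}),
                     "ips": sorted({d["ipAddress"] for d in ds if d.get("ipAddress")}),
                     "action": recommend(level, user_level, compromised)})
    return sorted(rows, key=lambda r: (-RANK.get(r["level"], 0), r["user"]))

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["level"]:<6} {row["user"]:<24} {row["action"]}  {row["events"]}')
```
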

4. Configure Multi-Factor Authentication

  • MFA Registration Policy
    • It’s a best practice to require MFA for users.
    • In Azure AD, navigate to “Users” and click on “Multi-Factor Authentication”.
    • Configure user settings for MFA including service settings and verification methods.
  • Conditional Access Policies
    • Apply Conditional Access Policies for more granular control.
    • Define policies that trigger MFA based on certain conditions like user risk level, sign-in risk, or when accessing particular applications.
    • Assign the policies to the appropriate users and groups, and define the conditions and access controls.

5. Monitor and Alert

  • Monitoring
    • Regularly monitor risk events and notifications.
    • Use the Azure AD reporting and monitoring capabilities to stay informed about identity risks in your environment.
  • Alert Configurations
    • Set up alerts for specific events or thresholds within Identity Protection.
    • These alerts can be sent via email or integrated with other security systems using Azure Monitor.

6. Review and Refine

  • Regularly review the effectiveness of your policies.
    • Adjust policies and controls as needed based on trends in your environment.
    • Stay updated with Azure AD Identity Protection capabilities as Microsoft regularly adds new features and detection capabilities.

Using Azure Active Directory Identity Protection is a dynamic process that requires consistent monitoring and management. By following these steps, setting up alerts, and reviewing your policies regularly, you can help secure your organization’s identities against a variety of threats and risks.