Security, Compliance, and Identity Blog
Secure your hybrid-cloud environments with Azure AD Identity Protection and Azure ATP

Jason Wilson
Microsoft
Sep 26, 2018

 

Today, we are excited to announce that Azure Advanced Threat Protection (Azure ATP) is being integrated with Azure Active Directory Identity Protection (Azure AD Identity Protection), and this functionality is expected to be available for Preview later this year.

 

In most large organizations, the IT teams that administer identity and the ones that investigate incidents are different and may or may not work hand in hand. It is hard to find security solutions that work well together and are comprehensive at the same time. With the Azure AD Identity Protection and Azure ATP integration, Microsoft delivers a unified identity investigation experience across on-premises and cloud.

 

Built right into Azure Active Directory, Azure AD Identity Protection uses dynamic intelligence and machine learning to automatically detect and protect your organization from identity attacks. Azure ATP, a cloud service, helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats, leveraging machine learning analytics to determine suspicious user behavior.

Unlock new value with comprehensive identity protection:

  • Controls to monitor and bring down risk by users or sign-ins (Know your risky users and sign-ins)
  • Understand which incident to prioritize first based on risk and user access (Admins first, users next)
  • Help prevent breaches before they happen

The Azure ATP and Azure AD Identity Protection integration allows SecOps investigations of risky users between the two products through a single pane of glass. 

 

SecOps analysts can see a user’s Risk as calculated by Identity Protection along with the new Azure ATP Investigation Priority, which highlights the most important users the security team needs to triage.

Security and identity administrators can navigate from the view of a User with Risk in AATP back to Identity Protection to configure Azure AD conditional access policies that prevent subsequent bad-actor activity and safely return sole ownership of the impacted user’s account to its rightful owner.

 

The unified identity investigation experience through the Azure AD Identity Protection and Azure ATP integration provides comprehensive identity protection for any size enterprise.

 

Azure Active Directory Identity Protection and Azure Advanced Threat Protection are a part of Microsoft 365’s E5 suite. You can learn more about Azure ATP here and about Azure AD Identity Protection here.

 

Updated May 11, 2021
  • Jason Wilson Thanks for the overview above. Good to see Microsoft giving meaning to the hidden signals that could indicate a security event.

     

    It seems to me, from what I have read on Azure ATP and Azure AD IP, that this functionality is a natural complement to Microsoft Cloud App Security. Are there any signals from MCAS that are being fed into Azure ATP? The "Suspicious inbox forwarding" alert above looks very much like an MCAS alert. And more broadly than that, while MCAS can signal within the context of policies, it lacks the overall user behaviour analytics that you seem to be providing here. Any plans to integrate all three services, thereby reducing disparity and making an even more comprehensive security offering available?