The dynamic duo for your data security – Adaptive Protection integration with Conditional Access
Published Mar 13 2024 09:00 AM 10.8K Views

In the rapidly evolving digital era, organizations face an uphill battle in securing sensitive data - as evidenced by our recent Microsoft “Rethinking Security from the Inside Out” report where 87% of organizations stated that they experienced data breaches in the past year. A substantial 63% of these incidents stem from inadvertent or malicious insiders with access to sensitive information.


Organizations struggle to keep up with the dynamic nature of risks due to their reliance on fragmented tools and one-size-fits-all security policies, causing friction for users who need to use and access data for legitimate purposes. We continue to hear from customers that they need a user and data-centric approach that enables them to dial up and dial down data security controls based on evolving insider risk levels.


Enter Adaptive Protection, a powerful capability in Microsoft Purview designed to improve overall data security. Adaptive Protection helps you protect your organization’s data by integrating dynamic insider risk levels, determined by data related activities, with various policy engines to automatically moving users in and out of policies as their risk levels change over time.


In February 2023, we announced, enabling users to be automatically included in the scope of data loss policies based on insider risk levels. For example, a DLP policy integrated with insider risk levels will prevent high-risk users from printing sensitive data, while allowing low-risk users to do so. This balances security and productivity and avoids blanketed policies that can be both very noisy and difficult to manage, while also hindering the end user experience.


Today, we are excited to announce Adaptive Protection is now also integrated with Conditional Access. You can now create Conditional Access polices to automatically add users to policies in response to insider risks levels.


Adaptive Protection integrated with Conditional Access

One of the challenges organizations face when trying to implement data security measures is the reliance on fragmented and siloed solutions. These solutions can make it difficult to roll out new data security controls consistently and can create gaps in protection that can be exploited by insiders. With the integration of Adaptive Protection and Conditional Access, Microsoft provides a seamless and easy solution for organizations to automatically move users in and out of policies based on their risk levels. This eliminates the need for organizations to manage multiple, siloed solutions and provides a more streamlined and effective approach to data security.


One of the key components of this integrated solution is Conditional Access, which plays a crucial role in enhancing an organization’s security by enforcing access to applications, data, and infrastructure, thereby minimizing the risk of external threats. It evaluates signals like user identity, location, device, user-risk, and sign-in risk to determine access to resources. And depending on the identity’s risk level, a range of controls is applied, be it implementing Multi-Factor Authentication (MFA), necessitating a password change, or outright blocking access to the application.


Now consider a scenario where a once-trusted employee on your sales team becomes a high-risk user, having submitted their resignation and starting to engage in data exfiltration activities. The Adaptive Protection and DLP integration allows you to prevent unauthorized use of data, but preventing access in the first place to critical applications like Salesforce adds another layer of defense.


With Adaptive Protection integrated with Conditional Access, you can now also configure a policy to automatically add the high-risk employee to the policy and block access to stealing data from your Salesforce application. Admins simply need to toggle the insider risk configuration switch to Yes and activate policy controls, such as mandating a terms of use agreement or outright blocking access. In the scenario above, you could seamlessly prevent a high-risk salesperson from accessing Salesforce - an application housing their beloved client list, while enabling a low-risk salesperson to access the application.


Figure 1: New ‘insider risk’ condition in Conditional AccessFigure 1: New ‘insider risk’ condition in Conditional Access

The synergy between compromised user risk and insider risk provides your organization with a more comprehensive solution to safeguarding your data against both external threats and internal risks. This comprehensive and multi-layered approach protects your organization against unauthorized access, data leaks, and data theft - ultimately strengthening your overall data security. With a united front against both external and insider risks, your data remains safe, reinforcing your organization’s resilience in the face of evolving cyber threats.

Watch our Mechanics video 


Read our ”Rethinking Security from the Inside Out” Report

We recently surveyed more than 500 data security and identity and access management professionals to gain deep insights into the data security landscape, the challenges organizations face with existing tools, and best practices for protecting against data breaches. Download our report!


Get started

Thank you,
Erin Miyake, Principal Product Manager, Microsoft Purview
Poulomi Bandyopadhyay, Sr. Product Manager, Microsoft Entra

Version history
Last update:
‎Mar 27 2024 08:17 AM
Updated by: