Exploring Azure Identity Protection
Start course

This course explores the suite of tools available in Microsoft Endpoint Manager for establishing and maintaining security posture in an organization. These include tools like Microsoft Intune, used for enrolling devices as well as creating and enforcing device compliance, and Microsoft Defender, used for implementing device antivirus and malware defense tools. This course will also review the activities involved in reducing attack surfaces in an organization that bad actors could use to penetrate and expose sensitive data. This sensitive data is protected through the implementation of attack surface reduction rules which are deployed through careful auditing and testing to prevent any loss of productivity. This course will also touch on the security baselines made available to organizations wishing to enact a more granular security posture and have access to tools like secure score for evaluating the effectiveness of these efforts against known best practices.  

Learning Objectives

  • Create a compliance policy 
  • Monitor enrolled devices
  • Setup surface attack reduction rules
  • Deploy surface attack reduction rules
  • Review security baselines
  • Examine Microsoft secure score

Intended Audience

This course is designed for individuals who are responsible for setting up and monitoring device compliance and security in Microsoft 365 as well as those pursuing Microsoft certifications.


To get the most from this course, you should have some familiarity and experience with the Microsoft 365 security suite of tools including Microsoft Endpoint Manager.  


Exploring Azure Identity Protection. Most security breaches take place when attackers gain access to an environment by stealing a user's identity. Over the years, attackers have become increasingly effective in using third-party breaches and sophisticated phishing attacks. As soon as attackers gain access to even low privileged user accounts, it's relatively easy for them to gain access to important company resources through lateral movement.

Azure Active Directory uses adaptive machine learning algorithms to detect anomalies and suspicious activities that indicate potentially compromised identities. Using this data, Azure Identity Protection generates reports and alerts that enable us to evaluate the detected issues and take appropriate mitigation and remediation actions. Azure Active Directory Identity Protection, also known as Azure Identity Protection is a cloud-based solution that helps an organization monitor and report compromised or abused identities within its environment. It's able to detect attacks in near real time.

AIP enables organizations to protect their identities by configuring risk-based policies that automatically respond to detected issues when a specified risk level has been reached. These policies, along with other conditional access controls can either automatically block or start adaptive remediation actions, including password resets and multifactor authentication enforcement. The major capabilities of Azure Identity Protection include: detecting vulnerabilities and risky accounts; investigating risk events and risk-based conditional access policies.

In many cases, AIP uses advanced machine learning to detect suspicious activities based on signals it detects from unusual or atypical user behaviors. Azure Identity Protection calculates a real time sign-in risk each time a user authenticates, and determines an overall risk level for each user. Azure Identity Protection enables us to automatically take action on these risk detections by configuring user risks policies and sign-in risk policies.

About the Author

Steve is an experienced Solutions Architect with over 10 years of experience serving customers in the data and data engineering space. He has a proven track record of delivering solutions across a broad range of business areas that increase overall satisfaction and retention. He has worked across many industries, both public and private, and found many ways to drive the use of data and business intelligence tools to achieve business objectives. He is a persuasive communicator, presenter, and quite effective at building productive working relationships across all levels in the organization based on collegiality, transparency, and trust.