Follow us on [Link] to learn more about us.
Risk detection: Utilizes advanced Machine Learning (ML) algorithms to detect anomalies and suspicious activities, identifying potential threats.
Risk remediation: Provides recommendations to address identified risks and automate responses, reducing the manual workload.
Risk-based conditional access policies: Allows administrators to set policies based on the risk level of user identities, ensuring enhanced security.
Anonymous IP Address: Identifies logins from anonymous sources (e.g., Tor browser, anonymizer VPNs).
Atypical Travel: Detects logins from unusual locations based on the user's recent activity.
Malware Linked IP Address: Tracks sign-ins from IP addresses associated with malware.
Unfamiliar Sign-In Properties: Monitors sign-ins with uncharacteristic properties for the given user.
Leaked Credentials: Discovers instances where the user's valid credentials have been exposed.
Password Spray: Flags coordinated brute-force attacks using common passwords across multiple usernames.
Azure AD Threat Intelligence: Utilizes Microsoft's internal and external intelligence sources to identify known attack patterns.
New Country (MCAS): Detects logins from new countries via Microsoft Cloud App Security (MCAS).
Activity from Anonymous IP Address (MCAS): Identifies anonymous IP activity using MCAS.
Suspicious Inbox Forwarding (MCAS): Unveils suspicious email forwarding activities through MCAS.
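The detections listed above are described only by name. As an added example (not from the slide deck or from Microsoft), the following Python shows the shape of one of them, password spray: many distinct accounts failing from one source in a short window, as opposed to one account failing repeatedly. The log format, the thresholds and the sign-in events are constructed for illustration.

```python
"""Added example: a minimal password-spray detector over constructed sign-in events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp, user principal name, source IP, result.
SAMPLE_EVENTS = """\
2024-01-10T08:00:01Z alice@contoso.example 203.0.113.7 failure
2024-01-10T08:00:04Z bob@contoso.example 203.0.113.7 failure
2024-01-10T08:00:09Z carol@contoso.example 203.0.113.7 failure
2024-01-10T08:00:13Z dave@contoso.example 203.0.113.7 failure
2024-01-10T08:00:20Z erin@contoso.example 203.0.113.7 failure
2024-01-10T08:00:27Z frank@contoso.example 203.0.113.7 success
2024-01-10T08:05:00Z alice@contoso.example 198.51.100.2 failure
2024-01-10T08:05:30Z alice@contoso.example 198.51.100.2 failure
2024-01-10T08:06:00Z alice@contoso.example 198.51.100.2 success
2024-01-10T09:30:00Z grace@contoso.example 203.0.113.7 failure
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, upn, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, upn, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), upn, ip, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {ip: sorted distinct users} for every source IP that produced failed
    sign-ins for at least `min_users` distinct accounts inside some `window`.

    Many accounts with one or two failures each from a single source is the spray
    signature; one account failing many times (brute force, or a forgotten
    password) is not flagged here because the distinct-user count stays at one.
    """
    failures_by_ip = defaultdict(list)
    for ts, upn, ip, result in events:
        if result == "failure":
            failures_by_ip[ip].append((ts, upn))

    flagged = {}
    for ip, attempts in failures_by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until the span [start, end] fits in `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {upn for _, upn in attempts[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    for ip, users in detect_password_spray(parse_events(SAMPLE_EVENTS)).items():
        print(f"possible password spray from {ip}: {len(users)} accounts targeted")
```

With the sample data, 203.0.113.7 is flagged for five accounts within twenty seconds, while 198.51.100.2 (one user, two failures) is not. Widening the window to hours catches the slow variant that spreads attempts out to stay under per-minute thresholds.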
Enhanced Security: Prevents compromised identities from gaining unauthorized access.
Flexible Control: Allows administrators to define appropriate responses to different risk levels.
Proactive Protection: Enables early detection of potential security threats and mitigates them before they become critical.
Why Use MFA?
MFA limits the impact of credential exposure by requiring an additional verification method (such as possession of the user's phone or a fingerprint) in addition to the password.
Without MFA, single-factor authentication can be exploited; with MFA, a stolen or guessed password alone is not enough for an unauthorized user to authenticate.
Azure Multi-Factor Authentication (MFA):
Azure MFA is Microsoft's two-step verification solution that ensures secure access to data and applications, offering a simple sign-in process.
It supports various verification methods, including phone call, text message, or mobile app verification.
Enhanced Security: Identifies and mitigates suspicious sign-ins in real time, minimizing potential security breaches.
Flexible Control: Empowers administrators to define suitable responses to varying risk levels.
Proactive Protection: Detects potential threats early and mitigates them before they cause harm.
Securing User Sign-ins with MFA:
Azure AD offers two ways to require MFA for user sign-ins:
Conditional Access Policy: Preferred method where MFA is required under specified conditions.
Individual User MFA Activation: Requires MFA each time a user signs in, barring exceptions like trusted IP addresses or remembered devices.
User States in Azure AD MFA:
Users are initially in the 'Disabled' state.
Enrolling in per-user Azure AD MFA changes their state to 'Enabled'.
Upon completion of the MFA registration process, their state changes to 'Enforced'.
Administrators have the flexibility to transition users between states.
First-Time Sign-in Post MFA Enablement:
Users are prompted to configure their MFA settings upon first sign-in after MFA activation.
For instance, if MFA is set up to require a mobile device, users will need to configure their device for MFA.
Users must complete these steps to be allowed to sign in, affirming their device is MFA-compliant.
Account Lockout: Temporarily prevents accounts from using Azure AD MFA after consecutive failed authentication attempts. Applies only to users authenticating with a PIN (MFA Server).
Block/Unblock Users: Allows blocking specific users from receiving Azure AD MFA requests. Any authentication attempts from blocked users are automatically denied. Users stay blocked for 90 days or until manually unblocked.
Fraud Alert: Enables users to report fraudulent verification requests.
Notifications: Allows administrators to receive notifications of events from MFA Server.
OATH Tokens: In cloud-based Azure AD MFA environments, manages OATH tokens for users.
Phone Call Settings: Allows customization of phone call settings and greetings for both cloud and on-premises environments.
Providers: Displays any associated authentication providers with your account. Creation of new providers was discontinued as of September 1, 2018.
Customized Access: Personalizes access controls based on various factors like user role, location, device health, and risk.
Enhanced Security: Identifies and mitigates potential security threats by requiring additional authentication.
Unified Policy Platform: Applies access policies across all applications in Azure AD, providing a consistent security posture.
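The notes above describe risk-based Conditional Access policies, the two ways of requiring MFA (a Conditional Access policy versus per-user MFA with trusted-IP and remembered-device exceptions), and the factors a policy can weigh (role, location, device health, risk). As an added example (not from the slide deck or from Microsoft), the Python below models both decision paths. The policy dictionaries loosely follow the Microsoft Graph conditionalAccessPolicy shape but are simplified; the policies, groups, named locations and sign-ins are constructed for illustration.

```python
"""Added example: simplified evaluation of Conditional Access policies and per-user MFA."""
from dataclasses import dataclass, field


@dataclass
class SignIn:
    """One sign-in attempt as the policy engine would see it (constructed model)."""
    user: str
    groups: set = field(default_factory=set)
    sign_in_risk: str = "none"       # Identity Protection sign-in risk: none/low/medium/high
    user_risk: str = "none"          # Identity Protection user risk: none/low/medium/high
    location: str = "unknown"        # named location, e.g. "corp-hq" (constructed)
    device_compliant: bool = False   # device health as reported by device management
    mfa_satisfied: bool = False      # MFA already completed in this session
    device_remembered: bool = False  # per-user MFA "remember this device" flag


# Constructed policies. Conditions inside one policy are ANDed; an absent condition matches anything.
POLICIES = [
    {   # Block high-risk sign-ins outright.
        "displayName": "Block high sign-in risk",
        "state": "enabled",
        "conditions": {"signInRiskLevels": ["high"], "includeGroups": ["All"]},
        "grantControls": {"builtInControls": ["block"]},
    },
    {   # Medium risk: require MFA unless the sign-in comes from the trusted named location.
        "displayName": "MFA on medium sign-in risk",
        "state": "enabled",
        "conditions": {"signInRiskLevels": ["medium"], "includeGroups": ["All"],
                       "excludeLocations": ["corp-hq"]},
        "grantControls": {"builtInControls": ["mfa"]},
    },
    {   # Privileged role: MFA and a compliant device at every sign-in, regardless of risk.
        "displayName": "Admins: MFA + compliant device",
        "state": "enabled",
        "conditions": {"includeGroups": ["Global Admins"]},
        "grantControls": {"builtInControls": ["mfa", "compliantDevice"]},
    },
    {   # A disabled policy is never enforced, however strict its controls.
        "displayName": "Draft policy",
        "state": "disabled",
        "conditions": {"includeGroups": ["All"]},
        "grantControls": {"builtInControls": ["block"]},
    },
]


def policy_applies(policy, s: SignIn) -> bool:
    """True when every condition of the policy matches this sign-in."""
    c = policy["conditions"]
    groups = set(c.get("includeGroups", []))
    if "All" not in groups and not (groups & s.groups):
        return False
    if c.get("signInRiskLevels") and s.sign_in_risk not in c["signInRiskLevels"]:
        return False
    if c.get("userRiskLevels") and s.user_risk not in c["userRiskLevels"]:
        return False
    if s.location in c.get("excludeLocations", []):
        return False
    return True


def evaluate_conditional_access(policies, s: SignIn):
    """Return ("block", matched policies), ("grant", []) or ("challenge", missing controls).

    Every enabled, applicable policy contributes its grant controls; a block from any
    policy wins, otherwise the union of the required controls must all be satisfied.
    """
    required, matched = set(), []
    for p in policies:
        if p["state"] != "enabled" or not policy_applies(p, s):
            continue
        matched.append(p["displayName"])
        required |= set(p["grantControls"]["builtInControls"])
    if "block" in required:
        return "block", matched
    satisfied = {"mfa": s.mfa_satisfied, "compliantDevice": s.device_compliant}
    missing = sorted(ctl for ctl in required if not satisfied.get(ctl, False))
    return ("grant", []) if not missing else ("challenge", missing)


def per_user_mfa_required(user_state: str, s: SignIn, trusted_locations=("corp-hq",)) -> bool:
    """Per-user MFA: a user in the Enabled or Enforced state is challenged at every
    sign-in except from a trusted IP location or a remembered device."""
    if user_state not in ("Enabled", "Enforced"):
        return False
    return not (s.location in trusted_locations or s.device_remembered)
```

The two functions show why the notes call Conditional Access the preferred method: the per-user switch is all-or-nothing per account, while the policy engine can scope the challenge to risk, role, location and device state, and can escalate from MFA to an outright block as the risk level rises.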
Why use PIM?
Risk Management: Mitigates the risks of excessive, unnecessary, or misused access permissions.
Compliance and Governance: Helps meet regulatory requirements and implement governance policies.
Cost-Effective: Reduces costs associated with managing and securing privileged access.
Azure Policy and RBAC - [Link]
The GOAL of this slide – Azure RBAC and Azure Policy working together make for a more secure system. Either one alone covers only part of the security picture.
Slide RBAC box presentation – Users in your Azure AD are assigned built-in or custom roles that can perform certain tasks.
Those roles have specific conditions like MFA or a specific device that are evaluated to see if the user can perform the task.
If the user meets the condition, they are granted access to the operation.
Slide Policy box presentation – Resources in your Azure subscription have properties. There are rules (stored in the policy) that define what the corporate standard is for that resource (for example, all VMs must have a firewall running). Those properties are evaluated against the policy definition, and if they match, the resource is reported as compliant.
There are a few key differences between Azure Policy and role-based access control (RBAC). Azure Policy evaluates state by examining properties on resources which are represented in Resource Manager and properties of some Resource Providers. Azure Policy doesn't restrict actions (also called operations). Azure Policy ensures that resource state is compliant to your business rules without concern for who made the change or who has permission to make a change.
RBAC focuses on managing user actions at different scopes. If control of an action is required, then RBAC is the correct tool to use. Even if an individual has access to perform an action, if the result is a non-compliant resource, Azure Policy still blocks the create or update.
The combination of RBAC and Azure Policy provides full scope control in Azure.
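To make the division of labour concrete, the following Python is an added example (not from the slide deck or from Microsoft) that evaluates one create request twice: RBAC decides whether the caller may perform the write action at that scope, and Azure Policy decides whether the resulting resource is compliant, with a deny effect blocking the create even for an authorized caller. The `if`/`then` rule follows the Azure Policy definition JSON shape for the `field`, `allOf`, `anyOf`, `not`, `equals`, `notEquals`, `in` and `exists` subset only; the role definitions, assignments, tag convention and resources are constructed for this example.

```python
"""Added example: RBAC (may the caller act?) and Azure Policy (is the result compliant?) together."""
import fnmatch

# --- Azure Policy side: one rule in the policy-definition JSON shape ---
# The slide's corporate standard ("every VM must have a firewall running") expressed in a form
# Azure Policy can evaluate: a required tag recording the firewall state (constructed convention).
VM_FIREWALL_POLICY = {
    "if": {
        "allOf": [
            {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
            {"anyOf": [
                {"field": "tags['firewall']", "exists": "false"},
                {"field": "tags['firewall']", "notEquals": "running"},
            ]},
        ]
    },
    "then": {"effect": "deny"},
}


def resolve_field(resource, name):
    """Resolve a policy `field` alias: top-level properties plus the tags['key'] form."""
    if name.startswith("tags['") and name.endswith("']"):
        return resource.get("tags", {}).get(name[6:-2])
    return resource.get(name)


def matches(condition, resource):
    """Recursively evaluate a policy condition tree against a resource."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not matches(condition["not"], resource)
    value = resolve_field(resource, condition["field"])
    if "exists" in condition:
        return (value is not None) == (str(condition["exists"]).lower() == "true")
    if "equals" in condition:
        return value == condition["equals"]
    if "notEquals" in condition:
        return value != condition["notEquals"]
    if "in" in condition:
        return value in condition["in"]
    raise ValueError(f"unsupported condition: {condition}")


def policy_effect(policy, resource):
    """Return the rule's effect ("deny", "audit", ...) when its `if` matches, else None (compliant)."""
    return policy["then"]["effect"] if matches(policy["if"], resource) else None


# --- RBAC side: role definitions with action patterns, assigned to principals at a scope ---
ROLES = {   # constructed, shaped like built-in role action lists
    "Virtual Machine Contributor": ["Microsoft.Compute/virtualMachines/*", "Microsoft.Compute/disks/*"],
    "Reader": ["*/read"],
}
ASSIGNMENTS = [   # (principal, role, scope) - constructed
    ("alice", "Virtual Machine Contributor", "/subscriptions/sub1/resourceGroups/rg-prod"),
    ("bob", "Reader", "/subscriptions/sub1"),
]


def rbac_allows(principal, action, scope):
    """An assignment grants the action when its scope contains the target and a role pattern matches."""
    for who, role, assigned_scope in ASSIGNMENTS:
        if who != principal or not scope.startswith(assigned_scope):
            continue
        if any(fnmatch.fnmatchcase(action, pattern) for pattern in ROLES[role]):
            return True
    return False


def authorize_create(principal, resource):
    """RBAC gates the write action; Azure Policy's deny then blocks a non-compliant result."""
    action = resource["type"] + "/write"
    if not rbac_allows(principal, action, resource["id"]):
        return "denied: RBAC"
    if policy_effect(VM_FIREWALL_POLICY, resource) == "deny":
        return "denied: Azure Policy"
    return "allowed"


# Constructed sample resources in rg-prod.
RG = "/subscriptions/sub1/resourceGroups/rg-prod/providers/"
COMPLIANT_VM = {"id": RG + "Microsoft.Compute/virtualMachines/vm1",
                "type": "Microsoft.Compute/virtualMachines", "tags": {"firewall": "running"}}
UNTAGGED_VM = {"id": RG + "Microsoft.Compute/virtualMachines/vm2",
               "type": "Microsoft.Compute/virtualMachines", "tags": {}}
STORAGE = {"id": RG + "Microsoft.Storage/storageAccounts/st1",
           "type": "Microsoft.Storage/storageAccounts", "tags": {}}
```

Running `authorize_create("alice", UNTAGGED_VM)` shows the slide's point: alice holds a role that permits the write, yet the create is still refused because the resource that would result violates the policy; `authorize_create("bob", COMPLIANT_VM)` fails earlier, at RBAC, because Reader grants no write action. The storage account is untouched by the rule, since the `type` condition does not match.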
Key Features of Azure Blueprint:
Artifact Management: Azure Blueprints can deploy a mix of resource groups, Azure Policy assignments, RBAC role assignments, and ARM template deployments.
Environment Standardization: Azure Blueprints helps in creating standardized environments with predefined resources and configurations, ensuring consistency across deployments.
Compliance and Governance: Azure Blueprints simplifies compliance by defining policies and implementing them across all deployments, ensuring a secure and compliant cloud environment.