What does Entra ID Protection do?

Entra ID Protection used to be called Azure AD Identity Protection. It’s one of Microsoft’s most effective organisation-level cybersecurity solutions. But what does Entra ID Protection do exactly?

In short, it helps keep your digital ID (and thus, your business’s data and reputation) safe. If you don’t know what Entra is or what it does, it’s time to get into it – or check that your IT department or Managed Service Provider is on the case.

Because login credentials are big business on the dark web. Cybercriminals will happily pay more than £100 000 for known email logins – and even a few pounds for social media accounts.

They’re willing to do this because they can often use those login credentials to access all the accounts they’re linked to (which, these days, can be many and varied). Around 80% of people will happily reuse the same password for multiple accounts, despite the risk.

Entra ID can help you protect your business from this serious and growing threat. If you’re not sure about it, here are the basics of what you need to know:

What is Entra ID Protection?

Formerly called Microsoft Azure AD Identity Protection, Entra ID Protection identifies identity-based risks to your cybersecurity and acts to challenge or block them. It does this through smart application of machine learning.

If allowing a user access looks risky for some reason, Entra stops it or limits it. On top of this, it provides a kind of centralised desktop where you – or your IT team or MSP – can assess and manage organisation-wide risks and integrate other handy tools.

How does ID Protection work?

Entra works by monitoring how your individual users log in. After a little while (usually about five days), it will have built up a picture of the patterns they commonly log in with, such as what time it normally is and where they normally are.

When someone bucks their usual pattern, Entra detects that something could be amiss. For example, perhaps a team member always logs in from a certain location between certain hours. If they now log in in a different country after hours, there’s a chance that login is suspect.

This approach is sometimes called User risk policies. But Entra also works with Sign-in policies, which are directed at individual login attempts.

For example, if an account has numerous failed login attempts by one user, further security steps might be triggered.

What does Entra ID Protection do?

There are a few key things that Entra ID Protection is specifically watching out for in order to keep your business safe:

1) Detect leaked or sold credentials

Entra ID has the incredible ability to work out whether the login credentials of any member of your team have been leaked or sold online.

It does this by checking “password hashes”. These are cryptographic representations of passwords that Entra compares to see if they have been compromised.

It can also detect if a member of your team is trying to set a password that is already compromised (it won’t let them).

2) Identify suspicious sign-ins

These are the User Risk policies that Entra is always abiding by. It monitors possible risks by spotting changes in your users’ normal login patterns, such as when someone:

  • Has a different IP address
  • Is using a different device
  • Is using a different browser
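To make the learned login pattern described earlier and the signals listed above concrete, here is an added example (not Microsoft's code, and not part of the original article) that builds a per-user baseline over a five-day learning period and flags sign-ins that break it. It is a simple rule-based stand-in for Entra's machine learning; the log records, field order and reason labels are assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEARNING_PERIOD = timedelta(days=5)   # the "about five days" described above
SIGNALS = ("country", "ip", "device", "browser")

# Constructed sign-in log (not real data): user, time, country, IP, device, browser.
SIGN_INS = [
    ("alice", "2024-03-04T08:55", "GB", "203.0.113.10", "LAPTOP-01", "Edge"),
    ("alice", "2024-03-05T09:05", "GB", "203.0.113.10", "LAPTOP-01", "Edge"),
    ("alice", "2024-03-06T08:50", "GB", "203.0.113.10", "LAPTOP-01", "Edge"),
    ("alice", "2024-03-07T09:10", "GB", "203.0.113.10", "LAPTOP-01", "Edge"),
    ("alice", "2024-03-08T09:00", "GB", "203.0.113.10", "LAPTOP-01", "Edge"),
    ("alice", "2024-03-11T09:02", "GB", "203.0.113.10", "LAPTOP-01", "Edge"),
    ("bob",   "2024-03-11T10:00", "GB", "203.0.113.20", "LAPTOP-02", "Chrome"),
    ("bob",   "2024-03-12T10:00", "FR", "192.0.2.44", "LAPTOP-02", "Chrome"),
    ("alice", "2024-03-12T23:40", "BR", "198.51.100.7", "UNKNOWN-PC", "Firefox"),
    ("alice", "2024-03-13T09:10", "GB", "203.0.113.10", "LAPTOP-01", "Chrome"),
]

def score_sign_ins(records):
    """Return (user, time, reasons) for sign-ins that break the user's own baseline."""
    first_seen = {}
    seen = defaultdict(lambda: defaultdict(set))  # user -> signal -> values seen
    hours = defaultdict(set)                      # user -> hours of day seen
    findings = []
    events = [dict(zip(("user", "time") + SIGNALS, r)) for r in records]
    for ev in events:
        ev["time"] = datetime.fromisoformat(ev["time"])
    for ev in sorted(events, key=lambda e: e["time"]):
        user, when = ev["user"], ev["time"]
        first_seen.setdefault(user, when)
        reasons = []
        if when - first_seen[user] >= LEARNING_PERIOD:   # baseline is ready
            reasons = [f"new {s}" for s in SIGNALS if ev[s] not in seen[user][s]]
            if not min(hours[user]) <= when.hour <= max(hours[user]):
                reasons.append("unusual hour")
        if reasons:
            # Flagged sign-ins are reported and NOT learned, so a one-off
            # intrusion cannot quietly become part of the "normal" pattern.
            findings.append((user, when.isoformat(), reasons))
            continue
        for s in SIGNALS:
            seen[user][s].add(ev[s])
        hours[user].add(when.hour)
    return findings
```

On the sample log, alice's late-night sign-in from a new country is flagged on every signal and her later sign-in only for the new browser, while bob's sign-in from a new country is not scored because his baseline is still inside the learning period.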

3) Flag email rules manipulation

This part of Entra ID Protection monitors your team’s email inboxes for users who are trying to manipulate your email rules to do things like:

  • Delete messages before they’re read
  • Relocate messages or folders to hide them
  • Send spam or malware internally or externally

When it spots activity like this, it raises a big red flag that lets your IT department or MSP know that there is something potentially dodgy happening.
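The first two behaviours in that list can be illustrated with a small triage pass over exported inbox rules. This is an added example, not part of the original article and not how Entra implements the check; the rule records, their field names and the list of rarely viewed folders are assumptions constructed for the illustration.

```python
# Folders users rarely open; an assumed list for this example, tune per tenant.
RARELY_VIEWED = {"rss feeds", "conversation history", "junk email", "deleted items"}

# Constructed inbox-rule export (not real data). Field names are assumptions
# made for this example, not a real export schema.
RULES = [
    {"mailbox": "alice@example.com", "name": "Newsletters",
     "conditions": {"from_contains": ["news@"]}, "move_to": "Newsletters"},
    {"mailbox": "carol@example.com", "name": ".",
     "conditions": {"subject_contains": ["invoice", "payment"]}, "delete": True},
    {"mailbox": "dave@example.com", "name": "tidy",
     "conditions": {}, "move_to": " RSS Feeds "},
    {"mailbox": "erin@example.com", "name": "Old alerts",
     "conditions": {"from_contains": ["alerts@"]}, "move_to": "Alerts/2023"},
]

def triage_rules(rules):
    """Return (mailbox, rule name, reasons) for rules that hide or destroy mail."""
    findings = []
    for rule in rules:
        reasons = []
        if rule.get("delete"):
            reasons.append("deletes messages on arrival")
        # Normalise the folder name so stray whitespace or case cannot dodge the check.
        folder = (rule.get("move_to") or "").strip()
        if folder.lower() in RARELY_VIEWED:
            reasons.append(f"moves messages to rarely viewed folder '{folder}'")
        # A hiding rule with no conditions swallows the whole inbox, so call it out.
        if reasons and not any(rule.get("conditions", {}).values()):
            reasons.append("applies to every incoming message")
        if reasons:
            findings.append((rule["mailbox"], rule["name"], reasons))
    # Most reasons first, so the broadest hiding rules get reviewed first.
    return sorted(findings, key=lambda f: len(f[2]), reverse=True)
```

Ordinary filing rules (alice, erin) pass untouched; the unconditional move into RSS Feeds is listed ahead of the keyword-based delete rule.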

4) Spot IP addresses with a history of malware

This policy essentially damns by association any IP addresses that have a history of contact with known bots.

It automatically treats these IP addresses as suspicious as they – and the ID of the user who is at that address – may be wittingly or unwittingly infected with malware.

How to set up Entra ID Protection

Entra is a brilliant cybersecurity tool for blocking risks to your business. Plus, it gives you a handy way to analyse potential risks and take proportionate actions. To set it up for your business, you will need to have:

  • Microsoft Entra ID P2
  • Microsoft 365 E5

However, setting up a system as complex as Entra ID Protection takes a great deal of care. Talk it over with your in-house IT specialists or your Managed Service Provider to make sure yours is doing all it can for your business.

Want to talk through the best way to integrate tools like Entra into cohesive cybersecurity for your organisation?

Let’s chat. Dial A Geek provides cyber security in Bristol, and we are already trusted by over 1000 businesses in The South West and across the UK who outsource their IT support to us.

Reach out to us today to set up a cost and commitment-free discussion with Managing Director Gildas Jones.
