What Identity Protection Does
Identity Protection enables organizations to:
Identity Protection requires Microsoft Entra ID Premium P2. Without P2, only limited visibility is available.
Where the Intelligence Comes From
Microsoft analyzes over 6.5 trillion signals per day collected from:
This massive data set allows Microsoft to identify attack patterns long before most organizations could.
How Identity Protection Integrates
Risk signals can be:
This enables automated Zero Trust decisions.
Risk Detection Types
Identity Protection detects multiple risk types.
| Detection Type | Description |
|---|---|
| Anonymous IP address | Sign-ins from Tor or anonymizer VPNs. |
| Atypical travel | Impossible or unusual travel patterns. |
| Malware-linked IP | IP addresses associated with malware. |
| Unfamiliar sign-in properties | New device, browser, or behavior. |
| Leaked credentials | Known exposed usernames and passwords. |
| Password spray | Multiple users attacked with common passwords. |
| Microsoft threat intelligence | Known attack patterns detected by Microsoft. |
| New country | New country detected by Defender for Cloud Apps. |
| Suspicious inbox forwarding | Mailbox rule abuse detected by MDCA. |
Permissions and Roles
Identity Protection access is role-based.
| Role | Capabilities |
|---|---|
| Security Administrator | Full Identity Protection access. |
| Security Operator | Investigate and remediate risks. |
| Security Reader | View reports only. |
Important limitation:
License Capabilities Summary
Only Microsoft Entra ID Premium P2 provides full functionality.
Key exam takeaway:
Risk-based policies require P2.