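How to set up Azure AD to spot risky users

CSO Online | July 24, 2019

You have several options for setting up alerts in Azure Active Directory to help identify risky user behavior.

Copyright © 2019 Raybet2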

This is Susan Bradley for CSO Online. Today's topic is going to be why you might want to look at the different levels of Azure Active Directory. There are several basic levels: Free, Basic, Premium P1 and P2. Now, why would you want Premium P2? I'm going to give you an example of why you might want to consider just that one license.

There are a lot of things you can do in the Azure best practices checklist, but one that's talked about on this list here is setting up sign-in risk policies and user risk policies. What the user risk policy does is look at the user and flag the person's activity if they're doing something risky. If they use leaked credentials, it compares them by monitoring public and dark web sites, working with researchers, law enforcement and security teams. It looks at information from anonymous IP addresses, and it's done in real time. So it checks whether anyone is using a Tor browser or an anonymous VPN. It looks to see if somebody is logging in in such a manner that just doesn't make sense. Like, for example, they've logged in from, say, the Pacific Coast, and an hour later they're logging in from the East Coast. Now, we don't have the fast airplanes anymore, so that's virtually impossible. It looks at sign-ins from unusual locations or anything that just isn't familiar to the system. And it flags you with a report.

To get started with this, you have to go to the user marketplace and enable Azure identity protection. While there, check out the other modules that are up there too. You want to then go to the dashboard of the user identity protection. Already on this test account you can see it sees that my user does not have multi-factor authentication, and it's flagging it as risky activity.

So now we want to set up a sign-in risk policy. Now, I've already set up a sample policy. I've selected a user. The condition I'm picking is sign-in risk. And I'm choosing high risk. Now, this takes a little bit of an explanation. High risk doesn't mean what you might think it means. High risk means that the events they're seeing mean that the identities are already being compromised. That there's a high risk that the person has already been taken over. If you choose low risk, it means it's going to have potentially many more false positives. So you probably want to start out setting your policy with a high sign-in risk.

Now, going back to our versions of Azure AD. If you have the Free and Basic, you will get just limited reports. You have to purchase a P1 or P2 before you get the advanced reports. And for identity protection you need that P2. If you want privileged identity management, you also need P2. Now, you can mix and match. You can purchase just a P2 just for your global administrator accounts and then a P1 for the rest of the users in your domain.

Once you've set up the report, you can then click on the preview and see if there's anyone impacted. Now, in my sample case, obviously there's no one impacted, but if you had someone doing risky activity or unusual sign-ins you'd have a listing there.

While you're in this identity section, you also want to take a look at something called the Identity Secure Score, and it lets you know what additional things you can do. You want to get that score as high as you can and kind of balance it out between usability and security. In my case I'm only at a really low 27 and there are a lot more things I can do. So again, you'll want to take a look at that and look at the things that you can turn on in your organization.

Until the next time, it's Susan Bradley. And I'd highly recommend that you sign up for the IDG tech talk. Go over there on YouTube and sign up for daily videos on topics. Until the next time, this is Susan Bradley.
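The "Pacific Coast, then East Coast an hour later" signal from the transcript can be illustrated with a simplified check over sign-in records. This is an added example, not code from the video and not Microsoft's detection logic; the record fields, the 1000 km/h threshold, the 50 km jitter allowance and the sample sign-ins are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # assumption: a little above airliner cruise speed
MIN_DISTANCE_KM = 50.0      # assumption: ignore geo-IP jitter inside one metro area

@dataclass(frozen=True)
class SignIn:               # hypothetical record shape, not an Azure AD schema
    user: str
    when: datetime
    lat: float
    lon: float
    place: str

def distance_km(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance between two sign-in locations."""
    p1, p2 = radians(a.lat), radians(b.lat)
    h = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(b.lon - a.lon) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))

def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, from_place, to_place, implied_kmh) for each pair of
    consecutive sign-ins by one user that no real journey could connect."""
    findings, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev, last_seen[ev.user] = last_seen.get(ev.user), ev
        if prev is None:
            continue
        km = distance_km(prev, ev)
        if km < MIN_DISTANCE_KM:
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        speed = float("inf") if hours == 0 else km / hours  # simultaneous sign-ins
        if speed > max_kmh:
            findings.append((ev.user, prev.place, ev.place, speed))
    return findings

# Constructed sample sign-ins (not real log data).
SAMPLE = [
    SignIn("alice", datetime(2019, 7, 24, 9, 0), 37.77, -122.42, "San Francisco"),
    SignIn("alice", datetime(2019, 7, 24, 10, 0), 40.71, -74.01, "New York"),
    SignIn("bob", datetime(2019, 7, 24, 9, 0), 47.61, -122.33, "Seattle"),
    SignIn("bob", datetime(2019, 7, 24, 17, 0), 42.36, -71.06, "Boston"),
]

if __name__ == "__main__":
    for user, src, dst, kmh in impossible_travel(SAMPLE):
        print(f"{user}: {src} -> {dst} implies {kmh:.0f} km/h")
```

A legitimate corporate VPN or proxy exit node can trip this kind of check, which is one source of the false positives the transcript attributes to lower risk levels.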