What is the key difference between Privileged Identity Management and Identity Protection?

Dave Wi 11 Reputation points
2020-10-15T04:56:58.363+00:00

Hello,

I often get confused with many policies and feature terms, and identity is one of them.

Can you please share the key difference between Privileged Identity Management and Identity Protection?

Thanks,


1 answer

  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-10-15T05:56:55.24+00:00

    Hello @Dave Wi, welcome to the Q&A platform and thanks for your query.

    • Privileged Identity Management (PIM) is used to provide just-in-time and time-bound privileged access to Azure AD and Azure resources. For example, using PIM you can give users the option to request an admin role such as Global Administrator or User Administrator for a specific amount of time. The benefit of using PIM is that a Global Administrator has the option to check the justification the user provided with the request and can approve or deny the request if the justification is not appropriate. It also provides an option to enforce multi-factor authentication to activate any role.
    • Azure AD Identity Protection is used to detect any suspicious activities associated with a user account or a specific sign-in, using artificial intelligence based on the checks below:
      1. Atypical travel : Sign in from an atypical location based on the user's recent sign-ins.
      2. Anonymous IP address: Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs).
      3. Unfamiliar sign-in properties: Sign in with properties we've not seen recently for the given user.
      4. Malware linked IP address: Sign in from a malware linked IP address.
      5. Leaked Credentials: Indicates that the user's valid credentials have been leaked.
      6. Password spray: Indicates that multiple usernames are being attacked using common passwords in a unified, brute-force manner.
      7. Azure AD threat intelligence: Microsoft's internal and external threat intelligence sources have identified a known attack pattern.

    Based on the risky sign-ins from an account, the user account is marked as risky. We can configure sign-in risk policies to block the sign-in or trigger MFA if a risky sign-in is detected. It also includes a user risk policy to require risky users to reset their passwords or to block their sign-ins.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    18 people found this answer helpful.
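To make the split concrete, here is an added example (not from the answer above, and not Microsoft's own code) that models the two decisions side by side: a PIM role activation checked against constructed per-role settings (eligibility, maximum duration, justification, MFA, approval) and an Identity Protection sign-in evaluated against constructed sign-in risk and user risk thresholds. Role names, hours and thresholds are sample values, not a real tenant's configuration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed per-role PIM settings (an admin sets these per role in PIM):
# maximum activation duration, MFA on activation, and whether an approver must sign off.
PIM_ROLE_SETTINGS = {
    "Global Administrator": {"max_hours": 4, "require_mfa": True, "require_approval": True},
    "User Administrator": {"max_hours": 8, "require_mfa": True, "require_approval": False},
}

@dataclass
class ActivationRequest:
    user: str
    role: str
    hours: int
    justification: str
    mfa_done: bool
    approved_by: Optional[str] = None  # filled in once an approver accepts the justification

def pim_activate(req: ActivationRequest, eligible_roles: set) -> str:
    """Decide a just-in-time activation request in the order PIM's role settings apply:
    eligibility, duration, justification, MFA, then approval. Returns 'active' or a reason."""
    s = PIM_ROLE_SETTINGS.get(req.role)
    if s is None or req.role not in eligible_roles:
        return "denied: not eligible for role"
    if req.hours > s["max_hours"]:
        return f"denied: exceeds max activation {s['max_hours']}h"
    if not req.justification.strip():
        return "denied: justification required"
    if s["require_mfa"] and not req.mfa_done:
        return "denied: MFA required to activate"
    if s["require_approval"] and not req.approved_by:
        return "pending: awaiting approver decision"  # human step outside the request
    return "active"

# Identity Protection side: risk levels are the output of detections like those listed above.
RISK = {"none": 0, "low": 1, "medium": 2, "high": 3}

def risk_policy(sign_in_risk: str, user_risk: str) -> list:
    """Apply a sign-in risk policy (high -> block, medium -> MFA) and a user risk policy
    (high -> password change). Thresholds are constructed, not a tenant's real policy."""
    controls = []
    if RISK[sign_in_risk] >= RISK["high"]:
        return ["block"]          # sign-in risk policy blocks the session outright
    if RISK[sign_in_risk] >= RISK["medium"]:
        controls.append("mfa")    # sign-in risk policy: step-up authentication
    if RISK[user_risk] >= RISK["high"]:
        controls.append("password_change")  # user risk policy: secure the account
    return controls
```

The point the two functions make: PIM never looks at risk signals, it governs whether and for how long a privileged role may be held; Identity Protection never looks at roles, it governs what a sign-in must do given the detected risk.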