About the security features of Azure AD B2C

竜吾 鈴木 60 Reputation points
2023-02-28T08:41:03.74+00:00

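I would like guidance on the following points.

- Whether monitoring functionality exists and, if monitoring is possible, how it is done

- Is going through Azure Monitor mandatory to integrate with third-party platforms (such as SIEM tools)?

- Whether high availability across geographically distant locations exists and, if so, how it is achieved

- Are there attack countermeasures such as IP throttling detection, brute-force detection, bot detection, and Breached Password Protection?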

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 36,936 Reputation points Microsoft Employee
    2023-03-02T01:11:13.0333333+00:00

    Hi 竜吾 鈴木 ,

    I understand that you are looking to know about the security features available in Azure AD B2C. To address your questions:

    1. Yes. Azure AD B2C provides monitoring and analytics capabilities through the use of monitoring workbooks in Azure Monitor. You can use them to view sign in and auditing logs and route them to different solutions such as a Storage Account, Log Analytics Workspace, or Event Hub. See Monitor Azure AD B2C with Azure Monitor
    2. No, it is not necessary to use Azure Monitor to integrate with third-party platforms such as SIEM tools, though it does integrate with them. If you choose not to use Azure Monitor to monitor Azure AD B2C activity and still want to integrate with third-party SIEM tools, you can use the Reporting Graph API to access the data and push it into the SIEM system using your own scripts. The Reporting Graph API is supported for Azure AD B2C. See: Prerequisites to access the Azure Active Directory reporting API
    3. Yes, Azure AD B2C provides high availability in geographically distant locations through the use of Azure regions. Azure regions are physically separated locations that are engineered to be isolated from failures in other regions. Azure AD B2C is generally available worldwide with the option for data residency in the United States, Europe, Asia Pacific, or Australia. Our public service level agreement (SLA) promises a 99.99% uptime for Azure AD B2C user authentication.
    4. Azure AD B2C provides security features such as dictionary credential attack detection, brute force detection, bot detection, and breached password protection. You can also use Microsoft Sentinel to perform security analytics for Azure Active Directory B2C data. Microsoft Sentinel provides built-in templates to help you create threat detection rules designed by Microsoft's team of security experts and analysts. See Mitigate credential attacks in Azure AD B2C with smart lockout

    Other security protections you can implement for Azure AD B2C include:

    Azure Web Application Firewall with Azure Active Directory B2C

    Dynamics 365 Fraud Protection with Azure Active Directory B2C

    Identity Protection in Azure AD B2C

    Conditional Access with user flows in Azure Active Directory B2C

    Securing phone-based multi-factor authentication (MFA)

    You can also learn more about Azure AD B2C monitoring and analytics by reviewing the article, Resilience through monitoring and analytics in B2C.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar information.

    1 person found this answer helpful.
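An added example, not part of the original answer or Microsoft's code: a sketch of the "own scripts" route from point 2, pulling sign-in records from the Graph reporting API, following `@odata.nextLink` paging, de-duplicating across polls and flattening each record into a JSON line for a SIEM. It assumes the polled endpoint is `auditLogs/signIns`, that the caller supplies an authenticated `fetch(url)` function, and that the failure threshold is an arbitrary review heuristic; the sample pages are constructed.

```python
import json
from collections import Counter

GRAPH_SIGNINS = "https://graph.microsoft.com/v1.0/auditLogs/signIns"

def iter_sign_ins(fetch, url=GRAPH_SIGNINS):
    """Yield sign-in records page by page, following @odata.nextLink."""
    while url:
        page = fetch(url)  # fetch: caller-supplied authenticated GET returning parsed JSON
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def to_siem_event(rec):
    """Flatten one Graph signIn record into the fields a SIEM rule usually keys on."""
    code = (rec.get("status") or {}).get("errorCode", 0)
    return {"time": rec.get("createdDateTime"), "id": rec.get("id"),
            "user": rec.get("userPrincipalName"), "src_ip": rec.get("ipAddress"),
            "error_code": code, "outcome": "success" if code == 0 else "failure"}

def export(fetch, seen_ids, threshold=3):
    """Return (JSON lines for new records, source IPs with >= threshold failures)."""
    lines, failures = [], Counter()
    for rec in iter_sign_ins(fetch):
        rid = rec.get("id")
        if rid in seen_ids:  # overlapping polls return the same record twice
            continue
        seen_ids.add(rid)
        event = to_siem_event(rec)
        lines.append(json.dumps(event, sort_keys=True))
        if event["outcome"] == "failure":
            failures[event["src_ip"]] += 1
    return lines, sorted(ip for ip, n in failures.items() if n >= threshold)

def sample_rec(rid, ip, code):  # constructed sample record, not real tenant data
    return {"id": rid, "createdDateTime": "2023-03-01T10:00:00Z", "ipAddress": ip,
            "userPrincipalName": "user@example.com", "status": {"errorCode": code}}

NEXT = GRAPH_SIGNINS + "?$skiptoken=constructed"
SAMPLE_PAGES = {  # constructed two-page response; record s3 repeats across pages
    GRAPH_SIGNINS: {"@odata.nextLink": NEXT, "value": [
        sample_rec("s1", "203.0.113.7", 50126), sample_rec("s2", "198.51.100.20", 0),
        sample_rec("s3", "203.0.113.7", 50126)]},
    NEXT: {"value": [
        sample_rec("s3", "203.0.113.7", 50126), sample_rec("s4", "203.0.113.7", 50053),
        sample_rec("s5", "198.51.100.20", 50126)]},
}

if __name__ == "__main__":
    lines, noisy = export(SAMPLE_PAGES.__getitem__, set())
    print("\n".join(lines)); print("review:", noisy)
```

Persist `seen_ids` (or the last `createdDateTime`) between runs so a restarted poller does not re-send records the SIEM already holds.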
