Intro

Identity Protection is a tool that allows organizations to accomplish three key tasks:

• Automate the detection and remediation of identity-based risks.

• Investigate risks using data in the portal.

• Export risk detection data to your SIEM.

Documentation

• What is Identity Protection?

• 
  
  

Tips and Tidbits

• Use Microsoft Graph APIs if you want to extract data for AD Identity Protection

• Azure Active Directory Identity Protection includes three default policies that administrators can choose to enable. Under Controls section

  • Require MFA registration

  • Require password change

  • Require Multi-Factor Authentication