Microsoft has announced the public preview of Azure AD Identity Protection for workload identities, which adds purpose-built anomaly detection capabilities for workload identities alongside the existing user detections to help protect the entire IT environment.
According to Microsoft, cloud migrations include software workloads like apps, services or scripts that access cloud resources and have workload identities in Azure AD, such as applications, managed identities and service principals.
Organizations have five times more software workloads than they have users, so a compromised workload identity can give an attacker a foothold to move laterally in a victim environment, just as a compromised user account can, the company says.
Essentially, this announcement extends Azure AD Identity Protection to workload identities, with reports of detected anomalous application behavior, including suspicious sign-in patterns and directory changes, to help IT and security professionals detect and remediate attacks more quickly.
According to Microsoft, these new capabilities can boost an organization’s Zero Trust approach by explicitly verifying and locking down a system when an anomaly is detected.
“It is available to apply a risk-based Conditional Access policy to block access when Identity Protection detects a risky workload identity in Microsoft Graph; support in Azure Portal is coming soon,” the company said in a Tech Community blog. “This means that for all single-tenant applications, you can configure a policy to block on any combination of High, Medium or Low risk (we will address multi-tenant applications in the future).”
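The Graph-based policy the quote describes, as an added example that is not part of the original article or Microsoft's own code: it builds a Conditional Access policy that blocks service principals in the tenant at the chosen risk levels, submits it to Microsoft Graph, and includes a small local check of which detected risk levels the policy would block. The bearer token, the `v1.0` endpoint and the exact field names are assumptions based on the public Graph schema; verify them against the documentation for your tenant.

```python
import json
import urllib.request

GRAPH_CA_POLICIES = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"
VALID_RISK_LEVELS = ("low", "medium", "high")


def build_block_risky_workload_identity_policy(risk_levels, state="enabled"):
    """Return a Conditional Access policy body that blocks single-tenant
    service principals whose Identity Protection risk is in risk_levels."""
    levels = [lvl.lower() for lvl in risk_levels]
    bad = [lvl for lvl in levels if lvl not in VALID_RISK_LEVELS]
    if bad:
        raise ValueError(f"unsupported risk level(s): {bad}")
    return {
        "displayName": "Block risky workload identities",
        "state": state,  # "enabled", "disabled" or "enabledForReportingButNotEnforced"
        "conditions": {
            # Scope the policy to workload identities rather than users.
            "clientApplications": {
                "includeServicePrincipals": ["ServicePrincipalsInMyTenant"]
            },
            "applications": {"includeApplications": ["All"]},
            # Risk levels supplied by Identity Protection for service principals.
            "servicePrincipalRiskLevels": levels,
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def create_policy(access_token, policy):
    """POST the policy to Graph. Needs Policy.ReadWrite.ConditionalAccess;
    access_token is a placeholder obtained from your own auth flow."""
    req = urllib.request.Request(
        GRAPH_CA_POLICIES,
        data=json.dumps(policy).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:  # pragma: no cover - network
        return json.load(resp)


def would_block(policy, detected_level):
    """Local approximation of the grant decision: block only when the policy
    is enforced, targets service principals, and lists the detected level."""
    cond = policy["conditions"]
    return (
        policy["state"] == "enabled"
        and "ServicePrincipalsInMyTenant" in cond["clientApplications"]["includeServicePrincipals"]
        and detected_level.lower() in cond["servicePrincipalRiskLevels"]
        and "block" in policy["grantControls"]["builtInControls"]
    )
```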
Microsoft says IT can now export risk events from Azure AD to third-party solutions for analysis or long-term storage via Diagnostic Settings.
“These new detections and controls are just the beginning – we are committed to the protection of all identities – including workload identities – and stay tuned for more exciting news in this area coming soon,” Microsoft said in the blog.
Microsoft points customers to this documentation to learn more.