Azure Active Directory Identity Protection integration

• 03/24/2020
• 2 minutes to read
• • 

Applies to: Microsoft Cloud App Security

Microsoft Cloud App Security integrates with Azure Active Directory Identity Protection (Identity Protection) to provide user entity behavioral analytics (UEBA) across a hybrid environment. For more information about the machine learning and behavioral analytics provided by Identity Protection, see What is Identity Protection?.

Prerequisites

• A Cloud App Security Admin account to enable integration between Identity Protection and Cloud App Security.

Enable Identity Protection

To enable Cloud App Security integration with Identity Protection:

1. In Cloud App Security, under the settings cog, select Settings.

   

2. Under Threat Protection, select Azure AD Identity Protection.

   

3. Select Enable Azure AD Identity Protection alert integration and then click Save.

After enabling Identity Protection integration, you'll be able to see alerts for all the users in your organization.

Disable Identity Protection

To disable Cloud App Security integration with Identity Protection:

1. In Cloud App Security, under the settings cog, select Settings.

2. Under Threat Protection, select Azure AD Identity Protection.

3. Clear Enable Azure AD Identity Protection alert integration and then click Save.

Configure Identity Protection Policies

The Identity Protection policies can be fine-tuned to your organization's need using the severity slider. The sensitivity slider allows you to control which alerts are ingested. In this way, you can adapt the detection according to your coverage needs and your (SNR) targets.

The following policies are available:

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.