You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/identity-protection/overview-identity-protection.md
+13-4Lines changed: 13 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: identity-protection
8
8
ms.topic: overview
9
-
ms.date: 10/18/2019
9
+
ms.date: 03/17/2020
10
10
11
11
ms.author: joflore
12
12
author: MicrosoftGuyJFlo
@@ -45,12 +45,12 @@ Identity Protection identifies risks in the following classifications:
45
45
46
46
| Risk detection type | Description |
47
47
| --- | --- |
48
-
| Atypical travel | Sign in from an atypical location based on the user’s recent sign-ins. |
48
+
| Atypical travel | Sign in from an atypical location based on the user's recent sign-ins. |
49
49
| Anonymous IP address | Sign in from an anonymous IP address (for example: Tor browser, anonymizer VPNs). |
50
-
| Unfamiliar sign-in properties | Sign in with properties we‘ve not seen recently for the given user. |
50
+
| Unfamiliar sign-in properties | Sign in with properties we've not seen recently for the given user. |
51
51
| Malware linked IP address | Sign in from a malware linked IP address |
52
52
| Leaked Credentials | This risk detection indicates that the user's valid credentials have been leaked |
53
-
| Azure AD threat intelligence | Microsoft’s internal and external threat intelligence sources have identified a known attack pattern |
53
+
| Azure AD threat intelligence | Microsoft's internal and external threat intelligence sources have identified a known attack pattern |
54
54
55
55
More detail on these risks and how/when they are calculated can be found in the article, [What is risk](concept-identity-protection-risks.md).
56
56
@@ -76,6 +76,15 @@ Information about integrating Identity Protection information with Azure Sentine
76
76
77
77
Identity Protection requires users be a Security Reader, Security Operator, Security Administrator, Global Reader, or Global Administrator in order to access.
78
78
79
+
| Role | Can do | Can't do |
80
+
| --- | --- | --- |
81
+
| Global administrator | Full access to Identity Protection ||
82
+
| Security administrator | Full access to Identity Protection | Reset password for a user |
83
+
| Security operator | View all Identity Protection reports and Overview blade <br><br> Dismiss user risk, confirm safe sign-in, confirm compromise | Configure or change policies <br><br> Reset password for a user <br><br> Configure alerts |
84
+
| Security reader | View all Identity Protection reports and Overview blade | Configure or change policies <br><br> Reset password for a user <br><br> Configure alerts <br><br> Give feedback on detections |
85
+
86
+
Conditional Access administrators can also create policies that factor in sign-in risk as a condition, find more information in the article [Conditional Access: Conditions](../conditional-access/concept-conditional-access-conditions.md#sign-in-risk).
0 commit comments