
Extending Identity Security Visibility for Azure AD Identity Protection


09/03/2023 • Gabriel Avner


Your ability to properly assess your risk is directly correlated to the breadth and depth of your intelligence. 

Security teams seeking to protect against identity-based threats need to be able to answer basic questions like:

The good news is that for users of Azure Active Directory Identity Protection, answering these questions and reaching better security outcomes just got a lot easier. 

Authomize, the Identity Threat Detection and Response (ITDR) Platform, will begin enriching AAD Identity Protection with contextual identity and access data from across all environments, improving the overall quality of the Risky Users scoring. 

For those new to the term, ITDR is the new category of identity and access security tools used for protecting against identity-based attacks, providing a critical layer of security for identity and access. 

Authomize’s ITDR Platform connects to cloud services, applications, and IAM infrastructure to collect and analyze data on identities, access privileges, assets, and privilege usage to produce actionable insights to eliminate identity risks and mitigate active threats. 

The benefit for Azure customers from the addition of Authomize’s data to Identity Protection is the extension of visibility over not just their Microsoft products, but all of their applications and services across all their environments. 

This is a big boon for multi-cloud organizations who utilize a mixture of Azure, AWS, GCP, Azure AD, Okta, a variety of HR tools, and of course all of their SaaS applications like GitHub, Salesforce, Dropbox, and G Suite just to name a few drops in the ocean of possibilities.

So how does Authomize’s extensive yet granular visibility help us to better understand our risk?

Assessing and Operationalizing Risk

On a high level, there are three points through which Authomize takes risk into account:

Diving a bit deeper, we can see a couple of examples of how risk is used in practice.

Risk Scoring

Developing an actionable risk score depends on your ability to confidently know how likely a threat is to happen, and what the extent of the damage can be if the situation turns south.  

Azure AD Identity Protection customers currently have valuable visibility on data such as login attempts, device information, and location data that can help them to determine if there are reasons to trigger additional conditional access measures.

If there are indications that the account has been compromised like:

Then Azure AD Identity Protection policies can automatically block a sign-in attempt or require additional action, such as a password change or a prompt for Azure AD Multi-Factor Authentication.

This decision to trigger one of these responses is based on the assessment of risk.

By incorporating Authomize’s in-depth insights on who has access to which assets, and what those identities can do with their privileges, Azure AD Identity Protection users immediately gain a clearer, more comprehensive picture of their risk level.

This scoring is based on two components:

Account Takeover Risk 

How likely is it that a malicious actor could gain control of the account? Some of the factors in this equation include:

The more risk factors, the higher this score climbs.

Blast Radius 

In the event that the account is taken over by a bad actor, what will they be able to impact? 

For example, if Sue’s account is compromised, we need to consider: 

If Sue has high-level and far-reaching access privileges, then she puts the organization at significant risk.

Authomize can track access privileges across all environments, including through nested groups, to understand all of the access paths that an identity has to an asset. This includes detecting access privileges for identities external to your Azure AD like 3rd parties, contractors, and those in other IdPs like Okta.

Creating Actionable Analysis and Response

These two risk components taken together help Authomize produce the overall risk score that is then sent on to Azure AD Identity Protection over the open API for use on the dashboard to aid in making smarter, data-driven decisions.
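As an added illustration (not Authomize's code or its scoring formula), the model below resolves nested group membership into access paths, scores a blast radius from the highest privilege an identity holds on each asset, and multiplies it by an account-takeover likelihood. The directory data, privilege weights and risk-factor weights are constructed assumptions.

```python
from typing import Dict, List, Tuple

# Constructed sample directory (not real data): principal -> groups it belongs to,
# and principal -> {asset: privilege}. Groups can be nested in other groups.
MEMBERSHIPS: Dict[str, List[str]] = {
    "sue": ["eng"],
    "bob": ["all-staff"],
    "eng": ["all-staff", "prod-deploy"],
    "prod-deploy": ["prod-admins"],
}
GRANTS: Dict[str, Dict[str, str]] = {
    "sue": {"github:payments-repo": "write"},
    "all-staff": {"gsuite:drive": "read"},
    "prod-deploy": {"aws:prod-account": "deploy"},
    "prod-admins": {"aws:prod-account": "admin", "azure:prod-sub": "owner"},
}
# Hypothetical weights per privilege level; not a product formula.
PRIVILEGE_WEIGHT = {"read": 1, "write": 3, "deploy": 5, "admin": 10, "owner": 10}
# Hypothetical takeover risk factors and weights.
FACTOR_WEIGHT = {"no_mfa": 0.4, "stale_password": 0.2,
                 "external_identity": 0.2, "risky_signin": 0.3}

def access_paths(identity: str) -> List[Tuple[str, str, Tuple[str, ...]]]:
    """Enumerate every (asset, privilege, path) reachable from identity via nested groups."""
    paths, stack = [], [(identity, [identity])]
    while stack:
        principal, path = stack.pop()
        for asset, priv in GRANTS.get(principal, {}).items():
            paths.append((asset, priv, tuple(path)))
        for group in MEMBERSHIPS.get(principal, []):
            if group not in path:  # a group nested in itself would otherwise loop forever
                stack.append((group, path + [group]))
    return paths

def blast_radius(identity: str) -> Tuple[int, Dict[str, int]]:
    """Score the highest privilege held on each distinct asset, whichever path grants it."""
    best: Dict[str, int] = {}
    for asset, priv, _ in access_paths(identity):
        best[asset] = max(best.get(asset, 0), PRIVILEGE_WEIGHT[priv])
    return sum(best.values()), best

def takeover_risk(factors: List[str]) -> float:
    """Likelihood in [0, 1] that the account is compromised, from observed factors."""
    return min(1.0, sum(FACTOR_WEIGHT[f] for f in factors))

def risk_score(identity: str, factors: List[str]) -> float:
    """Overall risk: how likely a takeover is, times what it could reach."""
    return round(takeover_risk(factors) * blast_radius(identity)[0], 2)
```

With identical takeover factors, `sue` (admin on production via two nested groups) scores far higher than `bob` (read-only on a shared drive), which is the point of weighting likelihood by blast radius.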

While this integration adds additional dimensions to Azure AD Identity Protection, the benefits actually flow both ways. 

Risky user and login data collected by Azure AD Identity Protection is used by Authomize to enrich our analysis. Our ITDR Platform can then utilize our automated response workflows to take actions like refactoring risky policies, sending contextual identity data alerts to SecOps tools like SIEMs, and much, much more.

For more information on how to take advantage of Authomize’s Identity Threat Detection and Response (ITDR) Platform, see our integration page or visit us on the Azure Marketplace.