Automates the detection and remediation of identity-based risks. The signals that are generated and fed into Identity Protection can be exported to other tools - **Key Tasks:** - **Risk Detection:** Identifies suspicious actions related to user accounts. - **Risk Policies:** Evaluates user risk (probability of compromised identity) and sign-in risk (probability of unauthorized sign-in). - **Remediation:** Enforces measures like password resets in response to detected risks.  - **Types of Risks:** - **User Risks:** Leaked credentials, unusual activity, known attack patterns. - **Sign-In Risks:** Anonymous IP addresses, atypical travel, malware-linked IP addresses, password spray attacks.  - **Recommendations:** - Set user risk policy to “High” and sign-in risk policy to “Medium and above.” - Investigate risks in the Azure portal and export data for further analysis. ## Resources [Design for identity protection - Training | Microsoft Learn](https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/7-design-for-identity-protection) [Microsoft Entra ID Protection overview - Microsoft Entra ID Protection | Microsoft Learn](https://learn.microsoft.com/en-us/entra/id-protection/id-protection-dashboard) [What are risks in Microsoft Entra ID Protection - Microsoft Entra ID Protection | Microsoft Learn](https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks)