{"id":36091,"date":"2020-07-15T18:00:45","date_gmt":"2020-07-15T18:00:45","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=91553"},"modified":"2020-07-15T18:00:45","modified_gmt":"2020-07-15T18:00:45","slug":"prevent-and-detect-more-identity-based-attacks-with-azure-active-directory","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/","title":{"rendered":"Prevent and detect more identity-based attacks with Azure Active Directory"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/07\/SEC20_Security_004-7-15-BANNER.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Security incidents often start with just one compromised account. Once an attacker gets their foot in the door, they can escalate privileges or gather intelligence that helps them reach their goals. This is why we say that identity is the new security perimeter. To reduce the risk of a data breach, it\u2019s important to make it harder for attackers to steal identities while arming yourself with tools that make it easier to detect accounts that do get compromised.<\/p>\n<p>Over the years the Microsoft Security Operations Center (SOC) has learned a lot about how identity-based attacks work and how to reduce them. We\u2019ve leveraged these insights to refine our processes, and we\u2019ve worked with the Azure AD product group to improve Microsoft identity solutions for our customers. At the RSA Conference 2020, we provided an inside look into <a href=\"https:\/\/www.rsaconference.com\/usa\/agenda\/cloud-powered-compromise-blast-analysis-in-the-trenches-with-microsoft-it\" target=\"_blank\" rel=\"noopener noreferrer\">how the Microsoft SOC helps protect Microsoft from identity compromise<\/a>. Today, we are sharing best practices that you can implement in your own organization to help decrease the number of successful identity-based attacks.<\/p>\n<h3>Increase the cost of compromising an identity<\/h3>\n<p>One reason that identity-based attacks work is <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/your-pa-word-doesn-t-matter\/ba-p\/731984\" target=\"_blank\" rel=\"noopener noreferrer\">because passwords are hard for busy people<\/a>, but they can be an easy target for attackers. People struggle to memorize unique and complex passwords for hundreds of work and personal applications. Instead, they reuse passwords across different applications or pick something that is easy to remember\u2014sports teams, for example: Seahawks2020!<\/p>\n<p>Bad actors exploit this reality with techniques like phishing campaigns to trick users into providing credentials. They also try to guess passwords or buy them on the dark web. In password spray, attackers test commonly used passwords against several accounts\u2014all they need is one.<\/p>\n<p>To make it harder for bad actors to acquire and use stolen credentials, implement the following technical controls:<\/p>\n<p><strong>Ban common passwords:<\/strong> Start by banning the most common passwords. <a href=\"https:\/\/azure.microsoft.com\/en-us\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Active Directory (Azure AD)<\/a> can <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-password-ban-bad\" target=\"_blank\" rel=\"noopener noreferrer\">automatically prevent users from creating popular passwords<\/a>, such as password1234! You can also customize the banned password list with words specific to your region or company.<\/p>\n<p><strong>Enforce multi-factor authentication (MFA):<\/strong> <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-mfa-howitworks\" target=\"_blank\" rel=\"noopener noreferrer\">MFA requires that people sign in using two or more forms of authentication<\/a>, such as a password and the Microsoft Authenticator app. This makes it much harder for an attacker with a stolen password to gain access. In fact, <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/08\/20\/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">this one control can block over 99.9 percent of account compromise attacks.<\/a><\/p>\n<p><strong>Block legacy authentication:<\/strong> Authentication protocols like POP, SMTP, IMAP, and MAPI&nbsp;can\u2019t enforce MFA, which makes them an ideal target for bad actors. <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/block-legacy-authentication\" target=\"_blank\" rel=\"noopener noreferrer\">According to an analysis of Azure AD<\/a>, over 99 percent of password spray attacks use legacy authentication. Blocking these apps eliminates a common access point for attackers. If teams are currently using apps with legacy authentication, this takes careful planning and a phased process, but <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/new-tools-to-block-legacy-authentication-in-your-organization\/ba-p\/1225302\" target=\"_blank\" rel=\"noopener noreferrer\">tools in Azure AD can help you limit your risk<\/a> as you migrate to apps with more modern authentication protocols.<\/p>\n<p><strong>Protect your privileged identities:<\/strong> Users with administrative privileges are often targeted by cybercriminals because they have access to valuable resources and information. To reduce the likelihood that these accounts will be compromised, they should only be used when people are conducting administrative tasks. When users are doing other work, like answering emails, they should use an account with reduced access. <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/privileged-identity-management\/pim-configure\" target=\"_blank\" rel=\"noopener noreferrer\">Just-in-time privileges<\/a> can further protect administrative identities, by requiring that individuals receive approval before accessing sensitive resources and time-bounding how long they have access.<\/p>\n<h3>Detect threats through user behavior anomalies<\/h3>\n<p>Strong technical controls will reduce the risk of a breach, but with determined adversaries, they may not be totally preventable. Once attackers get in, they want to avoid detection for as long as possible. They build hidden tunnels and back doors to hide their tracks. Some lay low for thirty or more days on the assumption that log files will be deleted during that time. To discover threats inside your organization, you need the right data and tools to uncover patterns across different data sets and timeframes.<\/p>\n<p><strong>Event logging and data retention:<\/strong> Capturing and saving data can be tricky. Privacy regulations put restrictions on how long and what types of data you can save. Storing large amounts of information can get expensive. However, you\u2019ll need to see across login events, user permissions, and applications to spot anomalous behavior. Data from months or even years ago may help you spot patterns in more recent behavior. Once you understand your contractual and legal obligations related to data, decide which events your organization should store and then decide how long to keep them.<\/p>\n<p><strong>Leverage User and Entities Behavioral Analytics (UEBA):<\/strong> People tend to sign in and access resources in consistent ways over time. For example, a lot of employees check email as soon as they sign in. On the other hand, if someone\u2019s account immediately starts downloading files from a SharePoint site, it may mean the account has been compromised. To identify anomalous behavior, UEBA uses artificial intelligence and machine learning to model how users and devices typically behave. It then compares future behavior against the baseline to create a risk score. This allows you to analyze large data sets and elevate the highest-priority alerts.<\/p>\n<h3>Assess your identity risk<\/h3>\n<p>As you are making decisions about what controls and actions to prioritize, it helps to understand current risks. Penetration tests can help you uncover vulnerabilities. You can also run password spray tests to generate a list of easily guessable passwords. Or send a phishing email to your company to see how many people respond. The SOC can use these findings to test detections. They will also help you prepare training materials and build awareness with employees. Tools such as <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/identity-protection\/overview-identity-protection\" target=\"_blank\" rel=\"noopener noreferrer\">Azure AD Identity Protection<\/a> can help you discover current users at risk and monitor risky behavior as your controls mature.<\/p>\n<h3>Learn more<\/h3>\n<p>Many of the technical controls we\u2019ve outlined are also best practices in a Zero Trust security strategy. Instead of assuming that everything behind the corporate network is safe, the Zero Trust model assumes breach and verifies each access request. <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\" target=\"_blank\" rel=\"noopener noreferrer\">Learn more about Zero Trust<\/a>.<\/p>\n<p>One way to reduce the likelihood that a password will be stolen is to eliminate passwords entirely. <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-authentication-passwordless\" target=\"_blank\" rel=\"noopener noreferrer\">Read more about passwordless authentication.<\/a><\/p>\n<p><a href=\"https:\/\/www.rsaconference.com\/usa\/agenda\/cloud-powered-compromise-blast-analysis-in-the-trenches-with-microsoft-it\" target=\"_blank\" rel=\"noopener noreferrer\">Watch our RASC 2020 presentation: Cloud-powered compromise blast analysis: In the trenches with Microsoft IT<\/a>.<\/p>\n<p>For more information on Microsoft Security Solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit our website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/07\/15\/prevent-identity-attacks-azure-active-directory\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security controls built into Azure Active Directory can reduce your risk of compromise.<br \/>\nThe post Prevent and detect more identity-based attacks with Azure Active Directory appeared first on Microsoft Security. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":36092,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[1264,6426,347,1065],"class_list":["post-36091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-azure-active-directory","tag-azure-security","tag-cybersecurity","tag-security-response"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Prevent and detect more identity-based attacks with Azure Active Directory 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prevent and detect more identity-based attacks with Azure Active Directory 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-15T18:00:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Prevent and detect more identity-based attacks with Azure Active Directory\",\"datePublished\":\"2020-07-15T18:00:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/\"},\"wordCount\":1101,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png\",\"keywords\":[\"Azure Active Directory\",\"Azure Security\",\"Cybersecurity\",\"Security Response\"],\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/\",\"name\":\"Prevent and detect more identity-based attacks with Azure Active Directory 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png\",\"datePublished\":\"2020-07-15T18:00:45+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure Active Directory\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/azure-active-directory\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Prevent and detect more identity-based attacks with Azure Active Directory\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prevent and detect more identity-based attacks with Azure Active Directory 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/","og_locale":"en_US","og_type":"article","og_title":"Prevent and detect more identity-based attacks with Azure Active Directory 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-07-15T18:00:45+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Prevent and detect more identity-based attacks with Azure Active Directory","datePublished":"2020-07-15T18:00:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/"},"wordCount":1101,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png","keywords":["Azure Active Directory","Azure Security","Cybersecurity","Security Response"],"articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/","url":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/","name":"Prevent and detect more identity-based attacks with Azure Active Directory 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png","datePublished":"2020-07-15T18:00:45+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/prevent-and-detect-more-identity-based-attacks-with-azure-active-directory\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Azure Active Directory","item":"https:\/\/www.threatshub.org\/blog\/tag\/azure-active-directory\/"},{"@type":"ListItem","position":3,"name":"Prevent and detect more identity-based attacks with Azure Active Directory"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36091"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36091\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/36092"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}