Enterprise Mobility and Security Blog

Require users to sign in again in case of suspicious behavior

Real-time remediation for security threats is a key challenge for companies, where attackers can move quickly to access critical data. The Cloud App Security team is excited to introduce a new feature for threat protection through integration with Azure Active Directory: when suspicious user activity is detected by Cloud App Security, you can now prevent access to corporate data accessed through apps that use Azure AD by requiring the user to sign in again.

Let’s explore two key reaction capabilities of this feature:

Respond to anomalous behavior

External sharing of sensitive files, download of sensitive files from unrecognized locations, or any activity that’s considered abnormal can trigger alerts in the Cloud App Security portal. These alerts provide immediate notification of potential security incidents and assist admins with proactive investigation.

In the event of suspicious user behavior, the new auto-remediation feature allows the security admin to take immediate action by requiring the user to sign in again to all apps.

React to account takeover

When an attacker gains unauthorized access to an account, a common industry practice is to disable the account. But this is not enough! If the account is actively being used to exfiltrate data or gain elevated privileges in the organization, or the attacker has any other method that keeps their session active, they can still use the compromised account.

The new Cloud App Security capability allows an admin to require the user to sign in again and so mitigate the attack. Cloud App Security invalidates all the user’s refresh tokens issued to cloud apps.
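The difference between the two responses above can be seen in a small model. This is an added example, not code from Cloud App Security or Azure AD: `ToyIdP`, its methods and the user "alice" are constructed for illustration, and the model assumes that the account-enabled flag is checked only at interactive sign-in while refresh tokens are checked against a per-user "valid from" time.

```python
import secrets

class SignInRequired(Exception):
    """Refresh refused: the client must send the user to interactive sign-in."""

class ToyIdP:
    """Constructed in-memory model; not Azure AD's implementation."""
    def __init__(self):
        self.clock = 0
        self.enabled = {}      # user -> account enabled?
        self.valid_from = {}   # user -> earliest issue time still accepted
        self.tokens = {}       # refresh token -> (user, app, issued_at)

    def _tick(self):
        self.clock += 1
        return self.clock

    def sign_in(self, user, app):
        # Interactive sign-in; assumed to be the only path that checks `enabled`.
        if not self.enabled.setdefault(user, True):
            raise SignInRequired(f"{user} is disabled")
        self.valid_from.setdefault(user, 0)
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (user, app, self._tick())
        return token

    def refresh(self, token):
        user, app, issued_at = self.tokens.get(token, (None, None, -1))
        if user is None or issued_at < self.valid_from[user]:
            raise SignInRequired("refresh token is no longer valid")
        return f"access:{user}:{app}"

    def require_sign_in_again(self, user):
        # One timestamp bump invalidates every earlier token, for every app.
        self.valid_from[user] = self._tick()

def still_active(idp, token):
    try:
        idp.refresh(token)
        return True
    except SignInRequired:
        return False

def scenario():
    idp = ToyIdP()
    sessions = [idp.sign_in("alice", app) for app in ("mail", "files")]
    idp.enabled["alice"] = False                    # response 1: disable only
    after_disable = [still_active(idp, t) for t in sessions]
    idp.require_sign_in_again("alice")              # response 2: revoke tokens
    after_revoke = [still_active(idp, t) for t in sessions]
    idp.enabled["alice"] = True                     # owner recovers the account
    fresh = idp.sign_in("alice", "mail")
    return after_disable, after_revoke, still_active(idp, fresh)
```

In this model the existing sessions keep refreshing after the account is disabled, stop for both apps once the tokens are invalidated, and only a token from a new sign-in works afterwards.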

How to implement this feature

Requiring the user to sign in again can be set during the policy creation phase, or initiated directly from an alert as part of the resolution options for a user. Initiating governance actions directly from the policy allows for automatic remediation. In this case, the admin needs only to select this option and it will be enforced.

Policy setting: require user to sign in again

Alternatively, an admin can choose to require another sign-in as part of the reactive investigation of an alert as seen below. In either case, to ensure secure productivity, the user is protected and can continue working with minimal interruption.

Require user to sign in again during investigation of a specific alert

Better together

Our goal is to provide a holistic and innovative security approach with Enterprise Mobility + Security. Cloud App Security and Azure Active Directory together offer unique value that helps you gain better control over your cloud, by identifying suspicious activities which may be indicative of a breach and then responding immediately.

Learn more and give us feedback

We know how important visibility, control and threat protection are for you, especially when it comes to cloud apps. Our goal is to continuously innovate to provide a top-notch user experience, visibility, data control and threat protection for your cloud apps. If you would like to learn more about our solution, please visit our technical documentation page.

Your feedback is key to our product development process. If you have questions, comments or feedback, please leave a comment below or visit our Microsoft Cloud App Security Tech Community page.