Microsoft enjoys an advantage over other cloud providers because, within their cloud they run many of the world’s largest cloud services, including Outlook.com, Xbox Live, Office 365 and Azure. These services generate an incredible amount of data, every day their system process greater than 10 terabytes of data including 14 billion logins from 1 billion users. These login signals are combined with data feeds from Microsoft’s Digital Crimes Unit and Microsoft Security Response Center, phishing attack data from Outlook.com and Exchange Online as well as information they acquire from partnering with law enforcement, security partners and researchers, academic professionals and their partners around the world, such as Law Office Clouds.
Microsoft uses this tremendous amount of data to continuously train their detection algorithms to detect and block new emerging attacks patterns. This results in real-time login risk scores for every authentication request and automatically respond to threats by blocking logins, issuing Azure Active Directory Multi-Factor Authentication challenges, or in the more extreme, requiring the users to change their credentials all based on each organizations unique set of access policies.
Azure AD Identity Protection notifies delegated firm staff, administrators and Law Office Clouds when new compromised users, risky sign-ins, or configuration vulnerabilities are detected. By utilizing “Conditional Access policies” Law Office Clouds engineers, administrators and security analysts can help potentially prevent and remediate risks before being exploited by cyber-criminals. F
For more information see: https://azure.microsoft.com/en-us/documentation/articles/active-directory-identityprotection/