Identity Protection

Microsoft Entra ID Identity Protection is the risk-detection engine that evaluates every sign-in and user account for compromise. It generates two kinds of risk signal: sign-in risk (this specific sign-in looks suspicious — impossible travel, anonymous IP, malware-linked IP) and user risk (this user's account is compromised — credentials found in known breaches, ongoing leaked-credential signals). Risk levels feed into Conditional Access policies that can block sign-in, require MFA, or force password reset. Available on Entra ID P2 and Microsoft 365 E5. Pairs naturally with Defender for Identity for on-premises identity risk.