AAD Premium 2 (or AAD P2) is the highest tier of the AAD service. In addition to the features already included in AAD P1, AAD P2 also provides organizations with the following tools:
- Identity Protection: Azure AD Identity Protection is an intelligence service that analyzes current signals (data gathered from security and data interactions) and calculates the risk and vulnerabilities of user sessions across the organization. Identity Protection can detect risky configurations, such as users without MFA registration, or the use of unsanctioned cloud apps unmanaged by Privileged Identity Management. Moreover, risk can be detected based on any of the following activities:
  - Users with leaked credentials
  - Sign-ins from anonymous IP addresses
  - Azure AD threat intelligence pattern detections
  - Sign-ins from IP addresses with suspicious activity
  - Sign-ins from unfamiliar locations
- Privileged Identity Management (PIM): PIM allows administrators to configure workflows for times when elevated permissions are required to perform a job duty. Once configured, PIM workflows can grant specified permissions for a limited duration of time and then revoke them once the time period has expired, thereby helping organizations implement a least-privilege administrative model.
- Access reviews: Access reviews allow organizations to recommend and automate permission or group management, such as removing users from groups after periods of inactivity.
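To make the Identity Protection risk signals listed above concrete, here is an added example (not Microsoft's code or the service's actual scoring model) that evaluates constructed sign-in events against the same signal categories and maps the result to a risk level and a recommended policy response. The IP ranges, user names and weights are all assumed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample feeds (not real indicators). In AAD these come from
# Microsoft's threat intelligence; here they are embedded so the example runs offline.
ANONYMOUS_IP_RANGES = [ip_network("203.0.113.0/24")]   # assumed anonymizer/proxy range
SUSPICIOUS_IPS = {"198.51.100.7"}                        # assumed IP with suspicious activity
LEAKED_CREDENTIAL_USERS = {"alice@contoso.example"}      # assumed leaked-credential match

# Assumed weights: a leaked credential alone is already high risk.
SIGNAL_WEIGHTS = {
    "leaked_credentials": 3,
    "anonymous_ip": 2,
    "suspicious_ip": 2,
    "unfamiliar_location": 1,
}

@dataclass
class SignIn:
    user: str
    ip: str
    country: str

@dataclass
class UserProfile:
    # Countries this user has signed in from before; anything else is "unfamiliar".
    familiar_countries: set = field(default_factory=set)

def detect_signals(signin: SignIn, profile: UserProfile) -> list:
    """Return the Identity Protection-style risk signals raised by one sign-in."""
    signals = []
    addr = ip_address(signin.ip)
    if signin.user in LEAKED_CREDENTIAL_USERS:
        signals.append("leaked_credentials")
    if any(addr in net for net in ANONYMOUS_IP_RANGES):
        signals.append("anonymous_ip")
    if signin.ip in SUSPICIOUS_IPS:
        signals.append("suspicious_ip")
    if signin.country not in profile.familiar_countries:
        signals.append("unfamiliar_location")
    return signals

def risk_level(signals: list) -> str:
    """Aggregate signal weights into none/low/medium/high (assumed thresholds)."""
    score = sum(SIGNAL_WEIGHTS[s] for s in signals)
    return "high" if score >= 3 else "medium" if score == 2 else "low" if score == 1 else "none"

def policy_action(level: str) -> str:
    """Typical Conditional Access response per risk level (defender's choice, assumed)."""
    return {"high": "block_and_require_password_reset", "medium": "require_mfa"}.get(level, "allow")
```

The same pattern extends to additional signals (for example, a user not registered for MFA) by adding a detector and a weight, which is how a risk-based Conditional Access policy is layered on top of the detections.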
With these tools in place, administrators should find it easier to reduce the attack surface of their organizations. While having access to these tools is important, it's equally important to know how the security features of AAD can help protect organizations. In the next section, we'll outline a few common threats and how AAD can help mitigate them.