Skip Navigation
Get a Demo
Resources Blog Product updates

Respond automatically to compromised credentials in Azure Active Directory

Use Red Canary’s automated playbooks to respond to compromised credentials and prevent credential theft in your Azure AD environment.

Kevin Gee

One of the most important threats in cloud and SaaS environments for modern organizations is credential theft. Malicious actors who obtain credentials can disrupt your business by stealing internal intellectual property information, expose sensitive data that can negatively affect and impact your employees, business, and customers, or damage your internal and production systems by installing malicious software or inserting backdoor access.

Detecting credential theft can often be difficult as it can be hard to parse what behavioral events are actual indicators of compromise vs false positives. Red Canary’s security expertise and threat knowledge combined with our advanced detection techniques suppress and reduce false positives while rooting out real compromised credential threats before they can become actual problems. And now, Red Canary also helps reduce your time to respond to these threats in Azure Active Directory by adding automated response actions, helping you stop the threat before it begins.

Red Canary customers with Azure Active Directory can now set up automated playbooks to granularly respond to compromised credentials depending on the severity or potential impact of the threat. Admins can revoke session tokens, forcing users to fully re-authenticate to prove their identity again when suspicious activity is detected. For potentially more severe threats, admins can have Red Canary suspend a user’s account entirely. Once the user has changed their password and any potential issues have been resolved, automation allows you to unsuspend the user’s account.

For more information on the Identity Security workloads available through Microsoft, check out this blog post which describes the difference between Azure AD Identity Protection and Defender for Identity, and this blog which discusses Microsoft Conditional access.


Look beyond processes with Linux EDR


How Red Canary supports Microsoft customers


Drawing lines in the cloud: A new era for MDR


Train hard for an easy battle: Introducing Readiness Exercises

Subscribe to our blog

Back to Top