Red Canary observed a 4x increase in identity-enabled attacks in 2024, and three of the top five MITRE ATT&CK® techniques Red Canary detected last year involved compromised credentials. Given their prevalence and how challenging they can be to detect, identity threats demand that organizations implement trustworthy automated responses to effectively reduce risk. That’s why we are excited to expand the automated response capabilities we offer to Microsoft Entra ID customers.
Joint customers can now use Red Canary playbooks to force password resets and confirm users as compromised in Entra ID Protection.
Below is the current list of all automated responses that Red Canary customers can trigger in Microsoft Entra ID:
- Password reset: Force users to reset their passwords upon Red Canary associating them with a threat.
- Confirm users as compromised: Confirm users as compromised after Red Canary associates them with a threat to change their user and sign-in risk scores to “High” in Entra ID Identity Protection. This will trigger any Conditional Access Policies or other risk-based policies you have configured for High risk users.
- Clear Microsoft Entra ID user sessions: Log all users, including Global Admins, out of all services that authenticate with Entra ID; invalidate all their refresh tokens; and invalidate all their browser session cookies to contain identity threats upon detection.
- Suspend Microsoft Entra ID user: Prevent users from logging in to their Azure accounts by suspending any Entra ID user, including Global Admins, when Red Canary confirms a threat.
- Unsuspend Microsoft Entra ID user: When Red Canary or your team remediates a threat, automatically unsuspend previously suspended users to improve business continuity.
This release comes on the heels of Red Canary unveiling its Identity Investigation agent for Microsoft Entra ID and other expert AI agents that reduce noise, accelerate response, and give customers confidence.
Watch this webinar to learn more about Red Canary’s extensive integration with Microsoft Entra ID, and dive in here to learn more about Red Canary’s deep integration across core Microsoft products.