--- title: Azure AD Identity Protection Integration Kit description: The Azure AD Identity Protection Integration Kit allows PingFederate to communicate with Azure AD Identity Protection for risk-based authentication. component: azure page_id: azure:azure_ad_identity_protection_integration_kit:pf_azuread_identityprotection_ik canonical_url: https://docs.pingidentity.com/integrations/azure/azure_ad_identity_protection_integration_kit/pf_azuread_identityprotection_ik.html revdate: June 21, 2024 section_ids: features: Features components: Components intended-audience: Intended audience system-requirements: System requirements --- # Azure AD Identity Protection Integration Kit The Azure AD Identity Protection Integration Kit allows PingFederate to communicate with Azure AD Identity Protection for risk-based authentication. By sending a Microsoft user ID to Azure AD Identity Protection when a user signs on, PingFederate can get a security Result based on the user's history. You can use this to dynamically adjust the authentication requirements. For example, you could configure your PingFederate authentication policy to require multifactor authentication (MFA) when a user with a high-risk level signs on. ## Features * Uses the Azure AD Identity Protection "riskyUsers" resource * Supports the PingFederate [PingFederate authentication API](https://docs.pingidentity.com/pingfederate/latest/developers_reference_guide/pf_authentication_api.html) * Supports the [JavaScript Widget for the PingFederate Authentication API](https://github.com/pingidentity/pf-authn-js-widget) ## Components * Azure AD Identity Protection IdP Adapter: * When a user signs on through PingFederate, the adapter sends the user ID to Azure AD Identity Protection. * The adapter receives the user's Result and makes it available in the PingFederate authentication policy. ## Intended audience This document is intended for PingFederate administrators. Learn more about the setup process with the following resources: * The following sections of the PingFederate documentation: * [Managing IdP adapters](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_managing_idp_adapters.html) * [Authentication policies](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_authentication_policies.html) * The following sections of the Azure AD Identity Protection documentation: * [What is Identity Protection?](https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection) * [What is risk](https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks) * [How To: Investigate risk](https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk) ## System requirements * PingFederate 9.3 or later. * A valid Azure AD Identity Protection license. Learn more about [License requirements](https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection/) in the Azure AD Identity Protection documentation. * This integration uses the [Microsoft Login Integration Kit](../../microsoft-login/pf_microsoft_login_ik.html) to get Microsoft user IDs. Setup details are provided in [Setting up the Microsoft Login Integration Kit](pf_azuread_identityprotection_ik_setting_up_the_microsoft_cloud_identity_connector.html).