Automate the detection and remediation of identity-based risks. Identity Protection takes signals from other Microsoft services such as malware linked IP addresses and uses that to make a risk based determination. The risk level can be used in risk-based Conditional Access to determine if MFA should be invoked, or used by other SIEM tools.