Become a Member My Atlas
Insights
Training
Advisory & Negotiation
Free Resources
About
Contact Us
Search
Become a Member

June 7, 2025

  Analyst Report

Protected Actions Help Keep Entra ID Secure

My Atlas / Analyst Reports

844 wordsTime to read: 5 min
Wes Miller by
Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes... more

  • Protected actions offer a final conditional access check before administrators can make core changes to Entra ID.

  • This can help protect Entra ID from attack by ensuring an administrator is legitimate before making critical changes.

  • The feature only requires Entra ID P1, which is included in all Microsoft 365 subscriptions.

Protected actions are Entra ID permissions that have been specifically set to require an additional conditional access check before administrators can make high-impact changes. Examples include creating or deleting conditional access policies or permanently deleting tombstoned Entra ID objects (objects previously marked for deletion). By offering a last opportunity for a conditional access check on these core permissions, protected actions in Entra ID can help defend against attack by rogue entities, even if using compromised administrator credentials. 

What Are Protected Actions?

Protected actions provide a last bastion of protection over several highly valuable Entra ID configuration points.

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now