When to use Identity Protection?

Identity protection is an Azure AD tool that automates the detection and remediation of identity-based risks.

Configure the policies and actively review the results.
Set the sign-in risk policy to Medium and above and allow self-remediation options.
Set the user risk policy threshold to High.
Allow for excluding users-emergency access or break-glass administrator accounts.
Send data to Conditional Access or other Security Information and Event Management (SIEM) tool.