Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
What are PAM services?
Privileged Access Management (PAM) solutions help reduce the risk of credential misuse by securing, monitoring, and controlling privileged account access to critical resources. PAM solutions secure privileged accounts by storing their credentials in a secure vault, controlling access through approval workflows, and monitoring active sessions to enforce just-in-time (JIT) and just-enough-access (JEA) policies. Common PAM capabilities include, automated password rotation, multifactor authentication, session isolation, and anomaly detection.
Defender for Identity and PAM
Defender for Identity helps identify and investigate suspicious activities related to privileged accounts, such as unusual sign in patterns or privilege escalation attempts. When integrated with a PAM solution, Microsoft Defender for Identity can detect and investigate suspicious activity involving privileged accounts—such as abnormal sign-ins or privilege escalation attempts. The integration combines PAM’s access controls with Defender for Identity’s behavioral analytics for enhanced threat detection and containment.
Technology partners
Microsoft Defender for Identity currently supports integration with the following PAM vendors. Dedicated integrations for each partner are now available in the Microsoft 365 Defender partner catalog for streamlined onboarding and visibility.
| Vendor | Description |
|---|---|
| CyberArk | Provides credential vaulting, session monitoring, and threat remediation for privileged identities. |
| BeyondTrust | BeyondTrust Offers identity-centric controls to manage the privilege attack surface and mitigate internal and external threats. |
| Delinea | Delivers centralized authorization and session control for privileged identities across enterprise environments. |
Reset password
Once PAM integration is enabled, Microsoft Defender XDR automatically tags identities managed by your PAM solution, providing critical context during investigations.
Additionally, you can initiate a password reset for high-risk privileged accounts directly from the Microsoft Defender XDR console. This action uses the connected PAM system.
To reset a password:
- Go to Assets > Identities.
- Select the relevant identity.
- Click the three-dot menu (⋯) in the top-right corner.
- Select Reset password. The label might vary based on the vendor (for example, Reset password by CyberArk, Reset password by BeyondTrust).
This capability streamlines containment and response workflows by embedding privileged access controls directly into the investigation experience.
Next steps
For more information, see:
How to integrate Defender for Identity with Delinea