This article summarizes the Microsoft Defender for Identity activities we recommend for your team on a daily, weekly, and monthly basis.
| Cadence | Tasks |
|---|---|
| Daily | - Triage incidents by priority<br>- Configure tuning rules for benign true positives / false positive alerts<br>- Review the ITDR dashboard<br>- Proactively hunt<br>- Review Defender for Identity health issues |
| Weekly | - Review Secure score recommendations<br>- Review and respond to emerging threats<br>- Proactively hunt |
| Monthly | - Review tuned alerts and adjust tuning if needed<br>- Track new changes in Microsoft Defender XDR and Defender for Identity |
| Quarterly / Ad hoc<br>Depending on your organization's needs and processes | - Review Microsoft service health<br>- Review server setup process to include sensors<br>- Check domain configuration via PowerShell |
You might want to proactively hunt on a daily or weekly basis, depending on your level as a SOC analyst.