Microsoft Defender for Identity's security posture assessments

Typically, organizations of all sizes have limited visibility into whether or not their on-premises apps and services could introduce a security vulnerability to their organization. The problem of limited visibility is especially true regarding use of unsupported or outdated components.

While your company may invest significant time and effort on hardening identities and identity infrastructure (such as Active Directory, Active Directory Connect) as an on-going project, it's easy to remain unaware of common misconfigurations and use of legacy components that represent one of the greatest threat risks to your organization. Microsoft security research reveals that most identity attacks utilize common misconfigurations in Active Directory and continued use of legacy components (such as NTLMv1 protocol) to compromise identities and successfully breach your organization. To combat this effectively, Microsoft Defender for Identity now offers proactive identity security posture assessments to detect and recommend actions across your on-premises Active Directory configurations.

What do Defender for Identity's security posture assessments provide?

• Detections and contextual data on known exploitable components and misconfigurations, along with relevant paths for remediation.
• Defender for Identity detects not only suspicious activities, but also actively monitors your on-premises identities and identity infrastructure for weak spots, using the existing Defender for Identity sensor.
• Accurate assessment reports of your current organization security posture, enabling quick response and effect monitoring in a continuous cycle.

How do I get started?

Access

Defender for Identity security assessments are available using the Microsoft Secure Score dashboard. The assessments are available in the Identity category in Microsoft Secure Score.

What is Microsoft Secure Score?

Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more recommended actions taken. It can be found at https://security.microsoft.com/securescore in the Microsoft 365 Defender portal.

Licensing

A Defender for Identity license is required.

Identity security posture assessments

Defender for Identity offers the following identity security posture assessments. Each assessment is a downloadable report with instructions for use and tools for building an action plan to remediate or resolve.

Assessment reports

• Domain controllers with Print Spooler service available
• Dormant entities in sensitive groups
• Entities exposing credentials in clear text
• Microsoft LAPS usage
• Legacy protocols usage
• Riskiest lateral movement paths (LMP)
• Unmonitored domain controllers
• Unsecure account attributes
• Unsecure domain configurations
• Unsecure Kerberos delegation
• Unsecure SID History attributes
• Weak cipher usage

To access identity security posture assessments:

1. Open the Microsoft Secure Score dashboard.

2. Select the Recommended actions tab. You can search for a particular recommended action, or filter the results (for example, by the category Identity).

   

3. For more details, select the assessment.

   

Next steps

• Learn more about Microsoft Secure Score
• Check out the Defender for Identity forum!