Microsoft Defender for Identity is a cloud-based security solution that monitors and helps protect the identities used across your organization.
Defender for Identity is fully integrated with Microsoft Defender XDR, and leverages signals from both on-premises Active Directory and cloud identities to help you better identify, detect, and investigate advanced threats directed at your organization.
Deploy Defender for Identity to help your SecOps teams deliver a modern identity threat detection and response (ITDR) solution across hybrid environments, including:

- Prevent breaches, using proactive identity security posture assessments
- Detect threats, using real-time analytics and data intelligence
- Investigate suspicious activities, using clear, actionable incident information
- Respond to attacks, using automatic response to compromised identities
Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP).
Important
Customers using the classic Defender for Identity portal are now automatically redirected to Microsoft Defender XDR, with no option to revert to the classic portal.
Protect user identities and reduce the attack surface
Defender for Identity provides you with invaluable insights on identity configurations and suggested security best practices. Through security reports and user profile analytics, Defender for Identity helps dramatically reduce your organizational attack surface, making it harder to compromise user credentials and advance an attack.
Proactively assess your identity posture
Defender for Identity provides you with a clear view of your identity security posture, helping you to identify and resolve security issues before they can be exploited by attackers.
For example:
Defender for Identity's Lateral Movement Paths help you quickly understand exactly how an attacker can move laterally inside your organization. Lateral movement paths can compromise sensitive accounts, and Defender for Identity helps you prevent those risks in advance.
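The following is an added illustration, not code from the original page or from Microsoft, of the idea behind a lateral movement path: a graph in which an account that is local administrator on a host can reach the credentials of any account with a session on that host, so a chain of such hops may lead from a low-privileged user to a sensitive account. The host names, account names, admin rights and sessions are constructed sample data; Defender for Identity derives the equivalent relationships from directory and sensor data. The second function lists the hosts where a sensitive account is exposed to a non-sensitive local administrator, which is the place a defender would remediate first (remove the local admin right or stop privileged accounts from signing in to that host).

```python
from collections import deque

# Constructed sample data (hypothetical names, not from the original page).
# LOCAL_ADMINS: host -> accounts holding local administrator rights there.
# SESSIONS:     host -> accounts currently signed in there.
LOCAL_ADMINS = {
    "WS-01": {"alice"},
    "WS-02": {"alice", "bob"},
    "SRV-FILE": {"bob", "helpdesk"},
    "SRV-APP": {"helpdesk"},
}
SESSIONS = {
    "WS-02": {"bob"},
    "SRV-FILE": {"helpdesk"},
    "SRV-APP": {"da-admin"},   # a Domain Admin is signed in on a member server
}
SENSITIVE = {"da-admin"}       # accounts treated as sensitive


def build_graph(local_admins, sessions):
    """Directed graph: account -> host when the account is local admin on the host
    (it can obtain credential material of whoever is signed in there), and
    host -> account for every session on that host."""
    graph = {}
    for host, admins in local_admins.items():
        for user in admins:
            graph.setdefault(user, set()).add(host)
    for host, users in sessions.items():
        for user in users:
            graph.setdefault(host, set()).add(user)
    return graph


def lateral_movement_path(graph, start, sensitive):
    """Breadth-first search from `start`; returns the shortest alternating
    account/host/account... path to a sensitive account, or None."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in sensitive and node != start:
            return path
        for nxt in sorted(graph.get(node, ())):   # sorted for deterministic output
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def exposed_sensitive_hosts(local_admins, sessions, sensitive):
    """Hosts where a sensitive account has a session while a non-sensitive
    account holds local admin rights: the edges to cut first when remediating."""
    exposed = {}
    for host, users in sessions.items():
        if users & sensitive:
            risky_admins = local_admins.get(host, set()) - sensitive
            if risky_admins:
                exposed[host] = risky_admins
    return exposed


if __name__ == "__main__":
    graph = build_graph(LOCAL_ADMINS, SESSIONS)
    print("path from alice:", lateral_movement_path(graph, "alice", SENSITIVE))
    print("exposed hosts:", exposed_sensitive_hosts(LOCAL_ADMINS, SESSIONS, SENSITIVE))
```

On this sample data the search finds that alice, a plain user, reaches da-admin in three hops (WS-02, SRV-FILE, SRV-APP), and the exposure check points at SRV-APP, where a Domain Admin session coexists with the helpdesk account's local admin rights. Removing either relationship breaks the path.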
Detect threats across modern identity environments
Modern identity environments often span both on-premises infrastructure and the cloud. Defender for Identity uses data from across your environment, including domain controllers, Active Directory Federation Services (AD FS), and Active Directory Certificate Services (AD CS), to provide you with a complete view of your identity environment.
Defender for Identity sensors monitor domain controller traffic by default. For AD FS / AD CS servers, make sure to install the relevant sensor type for complete identity monitoring.
Identify suspicious activities across the cyber-attack kill-chain
Typically, attacks are launched against any accessible entity, such as a low-privileged user. Attackers then quickly move laterally until they gain access to valuable assets, such as sensitive accounts, domain administrators, and highly sensitive data.
Defender for Identity identifies these advanced threats at the source throughout the entire cyber-attack kill chain:
| Threat | In Defender for Identity ... |
|---|---|
| Reconnaissance | Identify rogue users and attackers' attempts to gain information. Attackers search for information about user names, users' group membership, IP addresses assigned to devices, resources, and more, using various methods. |
| Compromised credentials | Identify attempts to compromise user credentials using brute force attacks, failed authentications, user group membership changes, and other methods. |
| Lateral movements | Detect attempts to move laterally inside the network to gain further control of sensitive users, utilizing methods such as Pass the Ticket, Pass the Hash, Overpass the Hash and more. |
| Domain dominance | View highlighted attacker behavior if domain dominance is achieved. For example, attackers might run code remotely on the domain controller, or use methods like DC Shadow, malicious domain controller replication, Golden Ticket activities, and more. |
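As an added example (not code from the original page or from Microsoft), the following shows what the "Compromised credentials" row of the table means in practice as detection logic. It runs two simple rules over a handful of constructed records shaped like Windows Security log events from a domain controller: a sliding-window count of failed logons (event ID 4625) per source address, which also catches password spraying because it counts per source rather than per account, and a check for members being added to highly privileged groups (event ID 4728, member added to a security-enabled global group). The event records, addresses, account and group names are all constructed sample data; the alert layout and the stage label are this example's own, not the product's alert schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical, not from the original page), with the
# subset of fields this example needs. Real event IDs:
#   4625 = failed logon, 4624 = successful logon,
#   4728 = member added to a security-enabled global group.
EVENTS = [
    {"time": "2024-05-01T08:00:01", "id": 4625, "user": "j.doe", "src": "10.0.0.45"},
    {"time": "2024-05-01T08:00:05", "id": 4625, "user": "a.smith", "src": "10.0.0.45"},
    {"time": "2024-05-01T08:00:09", "id": 4625, "user": "svc-backup", "src": "10.0.0.45"},
    {"time": "2024-05-01T08:00:14", "id": 4625, "user": "m.lee", "src": "10.0.0.45"},
    {"time": "2024-05-01T08:00:20", "id": 4625, "user": "r.khan", "src": "10.0.0.45"},
    {"time": "2024-05-01T08:00:31", "id": 4625, "user": "helpdesk", "src": "10.0.0.45"},
    {"time": "2024-05-01T08:03:00", "id": 4625, "user": "j.doe", "src": "10.0.0.9"},
    {"time": "2024-05-01T08:13:00", "id": 4625, "user": "j.doe", "src": "10.0.0.9"},
    {"time": "2024-05-01T08:14:10", "id": 4624, "user": "j.doe", "src": "10.0.0.9"},
    {"time": "2024-05-01T09:02:00", "id": 4728, "user": "helpdesk",
     "group": "Domain Admins", "member": "temp-admin"},
    {"time": "2024-05-01T09:05:00", "id": 4728, "user": "helpdesk",
     "group": "Sales", "member": "m.lee"},
]

# Groups whose membership changes always deserve an alert.
SENSITIVE_GROUPS = frozenset({"Domain Admins", "Enterprise Admins", "Schema Admins"})


def _when(event):
    return datetime.fromisoformat(event["time"])


def detect_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Alert on any source address with at least `threshold` failed logons
    (4625) inside a sliding window of length `window`."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            failures[e["src"]].append(_when(e))

    alerts = []
    for src, times in sorted(failures.items()):
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop failures older than the window
                start += 1
            best = max(best, end - start + 1)  # largest burst seen so far
        if best >= threshold:
            alerts.append({"stage": "Compromised credentials", "kind": "brute_force",
                           "src": src, "failures_in_window": best})
    return alerts


def detect_sensitive_group_change(events, sensitive_groups=SENSITIVE_GROUPS):
    """Alert on additions (4728) to highly privileged groups, recording who did it."""
    return [{"stage": "Compromised credentials", "kind": "sensitive_group_add",
             "group": e["group"], "member": e["member"], "actor": e["user"]}
            for e in events
            if e["id"] == 4728 and e["group"] in sensitive_groups]


def run_detections(events):
    """Run every rule and return the alerts ordered by kill-chain stage, then kind."""
    alerts = detect_brute_force(events) + detect_sensitive_group_change(events)
    return sorted(alerts, key=lambda a: (a["stage"], a["kind"]))


if __name__ == "__main__":
    for alert in run_detections(EVENTS):
        print(alert)
```

With the sample data, 10.0.0.45 produces six failures in thirty seconds against six different accounts and is flagged, while 10.0.0.9 shows two failures ten minutes apart followed by a success, which is ordinary user behaviour and stays quiet; the addition of temp-admin to Domain Admins is reported with the acting account, and the Sales change is ignored. A product such as Defender for Identity applies the same idea with learned baselines instead of a fixed threshold, and correlates the result with the other stages in the table.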
Defender for Identity is designed to reduce general alert noise, providing you with a prioritized list of relevant, important security alerts in a simple, real-time organizational attack timeline.
Seamless integration with Microsoft Defender XDR provides another layer of enhanced security by correlating data from other domains, for greater visibility and accuracy across users, devices, and network resources.