Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).
What's New
In September 2021, one new version of Microsoft Defender for Identity was released, introducing the following improvements:
New Security Alert
A new security alert was added: gMSA account password was retrieved by a user
In this detection, initially released with Microsoft Defender for Identity release 2.161, a security alert is triggered whenever a user successfully retrieves the password of a group Managed Service Account (gMSA).
Note:
This detection relies on Windows event 4662, so it must be configured beforehand.
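To show the kind of signal event 4662 carries for this alert, the following added example (not code from Microsoft or from this post) filters 4662 events for reads of a gMSA's msDS-ManagedPassword attribute. The attribute GUID, the allow list of hosts permitted to retrieve the password, and the sample events are assumptions; this is a hunting sketch, not how Defender for Identity implements the detection.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# schemaIDGUID of the msDS-ManagedPassword attribute
# (assumption: confirm the value against your own AD schema before relying on it).
MANAGED_PASSWORD_GUID = "e362ed86-b728-0842-b27d-2dea7a9df218"
READ_PROPERTY = 0x10  # "Read Property" bit in the 4662 AccessMask
GMSA_DN = "CN=svc-web,CN=Managed Service Accounts,DC=example,DC=test"  # constructed

def _event(user, mask, props, eid=4662):
    """Build a constructed (not captured) Security event in Windows event XML."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System><EventData>'
        f'<Data Name="SubjectUserName">{user}</Data>'
        f'<Data Name="ObjectName">{GMSA_DN}</Data>'
        f'<Data Name="AccessMask">{mask}</Data>'
        f'<Data Name="Properties">{props}</Data>'
        "</EventData></Event>"
    )

G = "{" + MANAGED_PASSWORD_GUID + "}"
# Constructed sample input: one suspicious read, one expected read, three non-matches.
SAMPLE_EVENTS = [
    _event("alice", "0x10", "%%7684 " + G.upper()),   # user reads the password
    _event("WEB01$", "0x10", "%%7684 " + G),          # host allowed to retrieve it
    _event("bob", "0x10", "%%7684 {00000000-0000-0000-0000-000000000001}"),  # other attribute
    _event("carol", "0x20", "%%7685 " + G),           # write, not a read
    _event("dave", "0x10", "%%7684 " + G, eid=4624),  # different event ID
]

def gmsa_password_reads(events_xml, allowed_readers=()):
    """Return (account, gMSA DN) for 4662 reads of msDS-ManagedPassword by unexpected accounts."""
    allowed = {a.lower() for a in allowed_readers}
    hits = []
    for raw in events_xml:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4662":
            continue
        data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
        if MANAGED_PASSWORD_GUID not in data.get("Properties", "").lower():
            continue  # the access did not touch the managed password attribute
        if not int(data.get("AccessMask", "0"), 16) & READ_PROPERTY:
            continue  # not a property read
        user = data.get("SubjectUserName", "")
        if user.lower() not in allowed:
            hits.append((user, data.get("ObjectName", "")))
    return hits
```

If 4662 auditing is not configured for the gMSA objects, a filter like this returns nothing, which is the same blind spot the note above describes for the built-in alert.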
Improvements and bug fixes for internal sensor infrastructure
The September 12, 2021 Defender for Identity release includes improvements and bug fixes for the internal sensor infrastructure.