What's New in Microsoft Defender for Identity in December 2021

Microsoft Defender for Identity

Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.

It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.

Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).

What's New

In December 2021, three new versions of Microsoft Defender for Identity were released:

  1. Version 2.165, released on December 6th, 2021
  2. Version 2.166, released on December 27th, 2021
  3. Version 2.167, released on December 29th, 2021

New security alert

A new security alert was added: Suspicious modification of a sAMNameAccount attribute.

In this detection, initially released with Microsoft Defender for Identity release 2.166, a security alert is triggered whenever an attacker tries to exploit CVE-2021-42278 and CVE-2021-42287, commonly referred to as the SAM Name impersonation and KDC Bamboozling vulnerabilities.

Microsoft introduced this detection in response to the publishing of these CVEs and encourages Active Directory admins to also deploy the following updates on Domain Controllers:

Improvements and bug fixes

All three December 2021 Defender for Identity releases include improvements and bug fixes for the internal sensor infrastructure.
