Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).
In June 2022, two new versions of Microsoft Defender for Identity were released:
- Version 2.182, released on June 4, 2022
- Version 2.183, released on June 20, 2022
These releases introduced the following functionality:
New security alert: Suspected DFSCoerce attack using Distributed File System Protocol
In response to the publication of a recent attack tool that leverages a flow in the DFS protocol, Microsoft Defender for Identity will trigger a security alert whenever an attacker uses this attack method.
New About page for Defender for Identity
A new About page for Defender for Identity is available. You can find it in the Microsoft 365 Defender portal, under Settings, Identities, About. The new page provides several important details about the Defender for Identity workspace, including the workspace name, version, ID and the geolocation of the workspace.
This information can be helpful when troubleshooting issues and opening support tickets.
IMPROVEMENTS AND BUG FIXES
Both June 2022 Defender for Identity releases include improvements and bug fixes for the internal sensor infrastructure.