Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service, where sensors installed on Domain Controllers (and AD FS servers) send signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its portal allows Active Directory admins to investigate and remediate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP), which in turn was the cloud-based successor of the on-premises Advanced Threat Analytics (ATA).
In January 2023, two new versions of Microsoft Defender for Identity were released:
- Version 2.196. This version was released on January 10, 2023.
- Version 2.197. This version was released on January 22, 2023.
These releases introduced the following functionality:
New health alert for Directory Services Object Auditing
Version 2.196 introduced a new health alert for verifying that Directory Services Object Auditing is configured correctly. If the object auditing in the Active Directory domain (the advanced audit policy and the SACLs that Defender for Identity relies on to receive directory service access events) is not configured as required, a health alert is triggered.
New health alert for Power settings
Version 2.196 introduced a new health alert for verifying that the sensor's power settings are configured for optimal performance. If the power plan of a Domain Controller running the sensor is not configured for optimal processor performance, a health alert is triggered.
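As an added example (not code from the original post or from Microsoft), the PowerShell script below checks a Domain Controller against the two conditions behind these new health alerts before the sensor raises them: the "Audit Directory Service Access" advanced audit subcategory, the Success audit entries for Everyone on the domain root for the object classes Defender for Identity monitors (user, group, computer, msDS-GroupManagedServiceAccount, msDS-ManagedServiceAccount), and the active power plan. It assumes an elevated session on the Domain Controller with the ActiveDirectory module available and English auditpol/powercfg output; the exact conditions the sensor evaluates are Microsoft's, so treat this as a check of the documented prerequisites rather than a replica of the health alert.

```powershell
# Added example, not from the original post or from Microsoft.
# Checks the documented Defender for Identity prerequisites that the two new
# 2.196 health alerts cover: object auditing (audit policy + SACLs) and power plan.
# Assumptions: run elevated on a Domain Controller, ActiveDirectory module present,
# English localized auditpol/powercfg output.
#Requires -Modules ActiveDirectory
Set-StrictMode -Version Latest

function Test-MdiSensorPrerequisites {
    $findings = [System.Collections.Generic.List[string]]::new()

    # --- 1. Advanced audit policy: DS Access > Audit Directory Service Access ---
    # Documented requirement is "Success and Failure" (this feeds event ID 4662).
    $row = auditpol.exe /get /subcategory:"Directory Service Access" /r |
        Where-Object { $_ } | ConvertFrom-Csv
    $setting = $row.'Inclusion Setting'
    if ($setting -ne 'Success and Failure') {
        $findings.Add("Audit Directory Service Access is '$setting'; expected 'Success and Failure'.")
    }

    # --- 2. SACLs on the domain naming context ---
    $rootDse  = Get-ADRootDSE
    $domainDN = $rootDse.defaultNamingContext
    $schemaDN = $rootDse.schemaNamingContext

    # Resolve schemaIDGUID for each monitored class at runtime instead of hard-coding GUIDs.
    $classes = 'user', 'group', 'computer',
               'msDS-GroupManagedServiceAccount', 'msDS-ManagedServiceAccount'
    $classGuids = @{}
    foreach ($c in $classes) {
        $obj = Get-ADObject -SearchBase $schemaDN -LDAPFilter "(lDAPDisplayName=$c)" -Properties schemaIDGUID
        if ($obj) { $classGuids[$c] = [guid]$obj.schemaIDGUID }
    }

    # -Audit needs SeSecurityPrivilege, hence the elevated session.
    $sacl = (Get-Acl -Path "AD:\$domainDN" -Audit).Audit
    foreach ($c in $classGuids.Keys) {
        $hit = $sacl | Where-Object {
            $_.InheritedObjectType -eq $classGuids[$c] -and
            (($_.AuditFlags -band [System.Security.AccessControl.AuditFlags]::Success) -ne 0) -and
            $_.IdentityReference.Value -eq 'Everyone'
        }
        if (-not $hit) {
            $findings.Add("No Success audit entry for Everyone on descendant '$c' objects at $domainDN.")
        }
    }

    # --- 3. Power plan ---
    # Built-in "High performance" scheme GUID; "Balanced" is 381b4222-f694-41f0-9685-ff5bb260df2e.
    $highPerf = '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
    $active   = (powercfg.exe /getactivescheme) -replace '^.*GUID:\s*([0-9a-f-]{36}).*$', '$1'
    if ($active -ne $highPerf) {
        $findings.Add("Active power scheme is $active, not High performance. Fix: powercfg /setactive $highPerf")
    }

    return $findings
}

$result = Test-MdiSensorPrerequisites
if ($result.Count -eq 0) {
    'OK: audit policy, SACLs and power plan match the documented Defender for Identity prerequisites.'
} else {
    $result | ForEach-Object { "FINDING: $_" }
}
```

The SACL check deliberately matches on the inherited object type (the class GUID) rather than on the permissions in the entry, because the Defender for Identity documentation describes the entries by principal, type and "Applies to" scope; tighten the filter on ActiveDirectoryRights if your baseline prescribes specific rights. If the audit policy is applied through a GPO, auditpol still shows the effective setting, so a finding there means the GPO is not reaching this Domain Controller.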
MITRE ATT&CK information in Advanced Hunting
In version 2.196, Microsoft has added MITRE ATT&CK information to the IdentityLogonEvents, IdentityDirectoryEvents and IdentityQueryEvents tables in Microsoft 365 Defender Advanced Hunting. In the AdditionalFields column, admins can find the ATT&CK technique(s) and the tactic (Category) associated with some of the activities the sensor records, which makes it possible to pivot from a hunting result straight to the technique it maps to.
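As an added example (not code from the original post or from Microsoft), the script below runs an Advanced Hunting query over the three identity tables through the Microsoft Graph advanced hunting endpoint and summarizes the activities that now carry ATT&CK data. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Authentication) is installed, that the signed-in account has the ThreatHunting.Read.All permission, and that the JSON keys inside AdditionalFields are named AttackTechniques and Category, following the names used in the release notes; verify the key names in your tenant with a plain `project AdditionalFields` first if the query returns nothing.

```powershell
# Added example, not from the original post or from Microsoft.
# Runs a KQL query via Microsoft Graph (POST /security/runHuntingQuery) and lists
# identity activities that carry MITRE ATT&CK data in AdditionalFields.
# Assumptions: Microsoft.Graph.Authentication module, ThreatHunting.Read.All consent,
# and AdditionalFields keys named "AttackTechniques" and "Category".
#Requires -Modules Microsoft.Graph.Authentication

Connect-MgGraph -Scopes 'ThreatHunting.Read.All' -NoWelcome

$query = @'
union IdentityLogonEvents, IdentityDirectoryEvents, IdentityQueryEvents
| where Timestamp > ago(7d)
| extend Extra = parse_json(AdditionalFields)
| where isnotempty(Extra.AttackTechniques)
| project Timestamp, ActionType, AccountUpn, DeviceName, DestinationDeviceName,
          Tactic = tostring(Extra.Category),
          Techniques = tostring(Extra.AttackTechniques)
| summarize Events = count(), Accounts = make_set(AccountUpn, 20)
            by ActionType, Tactic, Techniques
| order by Events desc
'@

$response = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/security/runHuntingQuery' `
    -Body @{ Query = $query }

# The SDK returns a hashtable; 'results' holds one hashtable per row.
$rows = $response.results | ForEach-Object { [pscustomobject]$_ }
if (-not $rows) {
    'No identity events with ATT&CK data in the last 7 days (or the AdditionalFields keys differ in this tenant).'
} else {
    $rows | Sort-Object Events -Descending | Format-Table ActionType, Tactic, Techniques, Events -AutoSize
}
```

The same KQL can be pasted unchanged into the Advanced Hunting page of the Microsoft 365 Defender portal; using the Graph endpoint from PowerShell is what makes the query schedulable, for instance to feed a weekly report of which ATT&CK techniques the sensors observed per ActionType.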
Improvements and bug fixes
Version 2.197 includes improvements and bug fixes for the internal sensor infrastructure.