Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service: sensors installed on Domain Controllers (and on AD FS servers) forward authentication and directory signals to Microsoft's cloud, where machine-learning detections and behavioural profiling flag attacks. Its portal lets Active Directory admins investigate and remediate suspected breaches involving advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).
What's New
Enhanced Active Directory account control highlights
The Microsoft 365 Defender Identity > user details page now includes new Active Directory account control data.
On the user details Overview tab, Microsoft has added a new Active Directory account controls card that highlights security-relevant userAccountControl settings. For example, use this card to learn whether a specific user is able to bypass password requirements (PASSWD_NOTREQD) or has a password that never expires (DONT_EXPIRE_PASSWORD).
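The card surfaces bits of the userAccountControl attribute, so the same data can be pulled straight from the directory when you want the full list rather than one user at a time. The PowerShell below is an added example, not code from the page or from Microsoft: the function names ConvertFrom-UserAccountControl and Get-RiskyPasswordAccounts are this example's own, while the flag values are the documented userAccountControl bits. It decodes a raw value into flag names and then runs a server-side LDAP bitwise search for the two flags the card calls out.

```powershell
# Added example (not from the page or from Microsoft): list the accounts the
# "Active Directory account controls" card flags, straight from the directory.
# ConvertFrom-UserAccountControl and Get-RiskyPasswordAccounts are this
# example's own names; the flag values are the documented userAccountControl bits.
Import-Module ActiveDirectory

# Subset of userAccountControl bits relevant to password and delegation hygiene.
$UacFlags = @{
    ACCOUNTDISABLE         = 0x00000002
    PASSWD_NOTREQD         = 0x00000020   # "bypass password requirements"
    NORMAL_ACCOUNT         = 0x00000200
    DONT_EXPIRE_PASSWORD   = 0x00010000   # "password never expires"
    TRUSTED_FOR_DELEGATION = 0x00080000
    NOT_DELEGATED          = 0x00100000
    DONT_REQ_PREAUTH       = 0x00400000
}

function ConvertFrom-UserAccountControl {
    # Decode a raw userAccountControl integer into the names of the flags set in it.
    param([Parameter(Mandatory)][int64]$Value)
    $UacFlags.GetEnumerator() |
        Where-Object { ($Value -band $_.Value) -ne 0 } |
        ForEach-Object { $_.Key } |
        Sort-Object
}

function Get-RiskyPasswordAccounts {
    # Server-side search for PASSWD_NOTREQD (0x20 = 32) or DONT_EXPIRE_PASSWORD
    # (0x10000 = 65536) using the LDAP_MATCHING_RULE_BIT_AND rule
    # (1.2.840.113556.1.4.803), so the DC does the bit test instead of the
    # client pulling every user object.
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)
    $filter = '(|(userAccountControl:1.2.840.113556.1.4.803:=32)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=65536))'
    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase `
               -Properties userAccountControl, PasswordLastSet, LastLogonDate |
        Select-Object SamAccountName, Enabled, PasswordLastSet, LastLogonDate,
            @{ n = 'Flags'; e = { (ConvertFrom-UserAccountControl $_.userAccountControl) -join ',' } }
}

# Constructed sample value: NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD + PASSWD_NOTREQD.
ConvertFrom-UserAccountControl 0x10220

# Live query (needs the RSAT ActiveDirectory module and read access to the domain).
Get-RiskyPasswordAccounts | Format-Table -AutoSize
```

PASSWD_NOTREQD deserves particular attention: it does not by itself mean the account has a blank password, but it allows one to be set in spite of the domain password policy, so an account carrying it with a recent PasswordLastSet is worth a manual check.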
Defender for Identity release 2.204
On May 29, 2023, Microsoft released Defender for Identity release 2.204. It features a new health alert for VPN (RADIUS) integration data ingestion failures.
This version also includes improvements and bug fixes for internal sensor infrastructure.
Defender for Identity release 2.203
On May 15, 2023, Microsoft released Defender for Identity release 2.203. It features the following new functionality:
- New health alert for verifying that ADFS Container Auditing is configured correctly.
- The Microsoft 365 Defender Identity page includes UI updates for the lateral movement path experience. No functionality was changed.
This version also includes improvements and bug fixes for internal sensor infrastructure.
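The new health alert only tells you that the AD FS container auditing prerequisite is not met; it is useful to be able to verify (and fix) the same thing yourself before the alert fires, for example when onboarding a new domain. The PowerShell below is an added example and is not code from the page or from Microsoft. The container DN (CN=ADFS,CN=Microsoft,CN=Program Data,<domain DN>) and the expected SACL entry (Everyone, Read all properties and Write all properties, Success and Failure, applied to this object and all descendants) are taken from Microsoft's documented Defender for Identity prerequisite for AD FS auditing; the function names are this example's own, and you should confirm the exact requirement against the current documentation before relying on it.

```powershell
# Added example (not from the page or from Microsoft): check, and optionally
# set, the SACL entry on the AD FS container that Defender for Identity expects.
# Function names are this example's own. The expected entry (Everyone,
# ReadProperty + WriteProperty, Success + Failure, this object and all
# descendants) follows Microsoft's documented prerequisite; verify it against
# current docs before relying on this check.
Import-Module ActiveDirectory

function Get-AdfsContainerPath {
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)
    "AD:\CN=ADFS,CN=Microsoft,CN=Program Data,$DomainDN"
}

function Test-AdfsContainerAuditing {
    # Returns $true when an audit rule covering the expected entry is present.
    # Reading the SACL (-Audit) needs SeSecurityPrivilege, i.e. Domain Admin
    # or an equivalent delegation.
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)
    $path  = Get-AdfsContainerPath -DomainDN $DomainDN
    $acl   = Get-Acl -Path $path -Audit
    $rules = $acl.GetAuditRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $wanted = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty -bor
              [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

    $match = $rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and                     # Everyone, language-neutral
        ($_.ActiveDirectoryRights -band $wanted) -eq $wanted -and
        $_.AuditFlags.HasFlag([System.Security.AccessControl.AuditFlags]::Success) -and
        $_.AuditFlags.HasFlag([System.Security.AccessControl.AuditFlags]::Failure) -and
        $_.InheritanceType -eq [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
    }

    [pscustomobject]@{
        Container  = $path
        Configured = [bool]$match
        AuditRules = @($rules).Count
    }
}

function Set-AdfsContainerAuditing {
    # Adds the expected audit rule. Supports -WhatIf so the change can be
    # previewed; existing audit entries on the container are left in place.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$DomainDN = (Get-ADDomain).DistinguishedName)
    $path = Get-AdfsContainerPath -DomainDN $DomainDN
    $acl  = Get-Acl -Path $path -Audit

    $everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
        $everyone,
        ([System.DirectoryServices.ActiveDirectoryRights]::ReadProperty -bor
         [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty),
        ([System.Security.AccessControl.AuditFlags]::Success -bor
         [System.Security.AccessControl.AuditFlags]::Failure),
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

    $acl.AddAuditRule($rule)
    if ($PSCmdlet.ShouldProcess($path, 'Add AD FS container audit rule')) {
        Set-Acl -Path $path -AclObject $acl
    }
}

# Usage: report first, then remediate only where the check fails.
$state = Test-AdfsContainerAuditing
$state
if (-not $state.Configured) { Set-AdfsContainerAuditing -WhatIf }
```

The SACL entry is only half of the prerequisite: the directory-service-access audit subcategory must also be enabled on the domain controllers for the matching events to be generated, and that policy setting is not visible from the container's ACL. If the DefenderForIdentity PowerShell module is installed, its Test-MDIConfiguration cmdlet covers this same check as the supported path.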
Identity timeline enhancements
The identity Timeline tab now contains new and enhanced features! With the updated timeline, admins can now filter by:
- Activity type
- Protocol
- Location
These filters are in addition to the original filters. Admins can also export the timeline to a CSV file and find additional information about activities associated with MITRE ATT&CK techniques.
Alert tuning in Microsoft 365 Defender
Alert tuning, now available in Microsoft 365 Defender, lets admins adjust how alerts are raised so that the queue reflects real risk. Tuning out known-benign patterns reduces false positives, lets SOC teams focus on high-priority alerts, and keeps detection coverage across the system intact rather than disabling detections wholesale.
In Microsoft 365 Defender, create rule conditions based on evidence types (for example a specific account, device or process), and then apply the rule to any alert type that matches those conditions.