What's New in Microsoft Defender for Identity in July 2023

Reading Time: 2 minutes

Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.

It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate and remediate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.

Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).

 

What's New

New security posture reports

Defender for Identity's identity security posture assessments proactively detect and recommend actions across your on-premises Active Directory configurations.

The following new security posture assessments are now available in Microsoft Secure Score:

 

Automatic redirection for the classic Defender for Identity portal

The Microsoft Defender for Identity portal experience and functionality have been converged into Microsoft’s extended detection and response (XDR) platform, Microsoft 365 Defender. As of July 6, 2023, customers using the classic Defender for Identity portal are automatically redirected to Microsoft 365 Defender, with no option to revert back to the classic portal.

 

Search for Active Directory groups in Microsoft 365 Defender Preview

The Microsoft 365 Defender global search now supports searching by Active Directory group name. Any groups found are shown in the results on a separate Groups tab. Select an Active Directory group from the search results to see more details, including:

  • Type
  • Scope
  • Domain
  • SAM name
  • SID
  • Group creation time
  • The first time an activity by the group was observed
  • Groups that contain the selected group
  • A list of all group members

 

Defender for Identity report downloads and scheduling in Microsoft 365 Defender Preview

Now, admins can download and schedule periodic Defender for Identity reports from the Microsoft 365 Defender portal, creating parity in report functionality with the classic Defender for Identity portal.

Download and schedule reports in Microsoft 365 Defender from the Settings > Identities > Report management page.

 

Defender for Identity release 2.209

This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.

 

Defender for Identity release 2.208

This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.

 

Defender for Identity release 2.207

This version provides the new AccessKeyFile installation parameter. Use the AccessKeyFile parameter during a silent installation of a Defender for Identity sensor, to set the workspace Access Key from a provided text path.

It also includes improvements and bug fixes for cloud services and the Defender for Identity sensor.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.