Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate and remediate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).
What's New
New security posture reports
Defender for Identity's identity security posture assessments proactively detect and recommend actions across your on-premises Active Directory configurations.
The following new security posture assessments are now available in Microsoft Secure Score:
- Do not expire passwords
- Remove access rights on suspicious accounts with the Admin SDHolder permission
- Manage accounts with passwords more than 180 days old
- Remove non-admin accounts with DCSync permissions
- Remove local admins on identity assets
- Start your Defender for Identity deployment
Automatic redirection for the classic Defender for Identity portal
The Microsoft Defender for Identity portal experience and functionality have been converged into Microsoft’s extended detection and response (XDR) platform, Microsoft 365 Defender. As of July 6, 2023, customers using the classic Defender for Identity portal are automatically redirected to Microsoft 365 Defender, with no option to revert to the classic portal.
Search for Active Directory groups in Microsoft 365 Defender Preview
The Microsoft 365 Defender global search now supports searching by Active Directory group name. Any groups found are shown in the results on a separate Groups tab. Select an Active Directory group from the search results to see more details, including:
- Type
- Scope
- Domain
- SAM name
- SID
- Group creation time
- The first time an activity by the group was observed
- Groups that contain the selected group
- A list of all group members
Defender for Identity report downloads and scheduling in Microsoft 365 Defender Preview
Now, admins can download and schedule periodic Defender for Identity reports from the Microsoft 365 Defender portal, creating parity in report functionality with the classic Defender for Identity portal.
Download and schedule reports in Microsoft 365 Defender from the Settings > Identities > Report management page.
Defender for Identity release 2.209
This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.
Defender for Identity release 2.208
This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.
Defender for Identity release 2.207
This version provides the new AccessKeyFile installation parameter. Use the AccessKeyFile parameter during a silent installation of a Defender for Identity sensor, to set the workspace Access Key from a provided text path.
It also includes improvements and bug fixes for cloud services and the Defender for Identity sensor.
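As an added example (not part of the original post or Microsoft's own code), this is one way to use the AccessKeyFile parameter in a silent installation while keeping the key file readable only by SYSTEM and Administrators and deleting it afterwards. The installer path, the key file location and the file format (the access key only, as plain ASCII text without a trailing newline) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. $Installer and $KeyFile are placeholders to adjust for your environment.
param(
    [string]$Installer = '.\Azure ATP sensor Setup.exe',
    [string]$KeyFile   = (Join-Path $env:ProgramData 'mdi-accesskey.txt')
)

$ErrorActionPreference = 'Stop'

# Prompt for the workspace access key instead of hard-coding it in the script.
$secureKey = Read-Host -Prompt 'Workspace access key' -AsSecureString

try {
    # Create the file empty, restrict it to SYSTEM (S-1-5-18) and
    # BUILTIN\Administrators (S-1-5-32-544), and only then write the key.
    New-Item -Path $KeyFile -ItemType File -Force | Out-Null
    icacls $KeyFile /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Assumption: the file holds only the key, as plain text.
    $plainKey = [System.Net.NetworkCredential]::new('', $secureKey).Password
    Set-Content -Path $KeyFile -Value $plainKey -NoNewline -Encoding ascii

    # Silent installation: the command line carries the file path, not the key itself.
    $arguments = @(
        '/quiet',
        'NetFrameworkCommandLineArguments="/q"',
        "AccessKeyFile=`"$KeyFile`""
    )
    $proc = Start-Process -FilePath $Installer -ArgumentList $arguments -Wait -PassThru
    if ($proc.ExitCode -ne 0) { throw "Sensor setup exited with code $($proc.ExitCode)" }
}
finally {
    # Remove the key from disk and from the variable, whether or not setup succeeded.
    Remove-Item -Path $KeyFile -Force -ErrorAction SilentlyContinue
    $plainKey = $null
}
```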