Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory, AD FS, and Certification Authority (CA) admins to investigate and remediate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).
New sensor type for Active Directory Certificate Services (AD CS)
Defender for Identity now supports the new ADCS sensor type for a dedicated server with Active Directory Certificate Services (AD CS) configured.
Admins can find the new sensor type identified on the Settings > Identities > Sensors page in Microsoft 365 Defender.
Certification Authority-related Alerts and Secure Score Reports
Defender for Identity also now provides AD CS-related alerts and Secure Score reports.
To view the new alerts and Secure Score reports, make sure that the required events are being collected and logged on Certification Authorities (CAs).
Active Directory Certificate Services (AD CS) is a Windows Server role that issues and manages public key infrastructure (PKI) certificates in secure communication and authentication protocols.
Four new releases
The Defender for Identity team performed four new releases:
These versions include improvements and bug fixes for cloud services and the Defender for Identity sensor.