Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory, AD FS, and Certification Authority (CA) admins to investigate and remediate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).
Defender for Identity release 2.217
This version includes the following improvements:
- Summary report: The summary report has been updated to include two new columns in the Health issues tab:
Additional information on the issue, such as a list of impacted objects or specific sensors on which the issue occurs.
A list of recommended actions that can be taken to resolve the issue, or how to investigate the issue further.
- Health issues: Added the The 'Remove learning period' toggle was automatically switched off for this tenant issue
This version also includes bug fixes for cloud services and the Defender for Identity sensor.
Defender for Identity release 2.216
This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.