Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.
It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory, AD FS, and Certification Authority (CA) admins to investigate and remediate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.
Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).
Defender for Identity release 2.220
Defender for Identity release 2.220 includes improvements and bug fixes for cloud services and the Defender for Identity sensor.
Defender for Identity release 2.219
Defender for Identity release 2.219 includes improvements and bug fixes for cloud services and the Defender for Identity sensor. It also includes an Identity timeline feature:
Identity timeline includes more than 30 days of data (Preview)
Defender for Identity is gradually rolling out extended data retention on identity details to more than 30 days.
The identity details page Timeline tab, which includes activities from Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Defender for Endpoint, currently includes a minimum of 150 days and is growing. There might be some variation in data retention rates over the next few weeks.
To view activities and alerts on the identity timeline within a specific time frame, select the default 30 Days and then select Custom range. Filtered data from more than 30 days ago is shown for a maximum of 7 days at a time.
Defender for Identity release 2.218
This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.