What's New in Microsoft Defender for Identity in December 2023


Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.

It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory, AD FS, and Certification Authority (CA) admins to investigate and remediate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.

Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).

 

New Identities area and dashboard in Defender XDR (Preview)

Organizations with Defender for Identity now have a new Identities area in Microsoft Defender XDR (formerly known as Microsoft 365 Defender) for information about identity security with Defender for Identity.

In Microsoft Defender XDR, select Identities to see any of the following new pages:

  • Dashboard: Shows graphs and widgets to help you monitor identity threat detection and response activities.
  • Health issues: Moved here from the Settings > Identities area. Lists any current health issues for your general Defender for Identity deployment and for specific sensors.
  • Tools: Links to helpful information and resources when working with Defender for Identity, including links to documentation, specifically on the capacity planning tool, and the Test-MdiReadiness.ps1 script.

 

Security posture assessments for AD CS sensors (Preview)

Defender for Identity's security posture assessments proactively detect and recommend actions across your on-premises Active Directory configurations.

Recommended actions now include the following new security posture assessments, specifically for certificate templates and certificate authorities.

  • Certificate templates recommended actions:
    • Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)
    • Edit overly permissive certificate template with privileged EKU (Any purpose EKU or No EKU) (ESC2)
    • Misconfigured enrollment agent certificate template (ESC3)
    • Edit misconfigured certificate templates ACL (ESC4)
    • Edit misconfigured certificate templates owner (ESC4)
  • Certificate authority recommended actions:
    • Edit vulnerable Certificate Authority setting (ESC6)
    • Edit misconfigured Certificate Authority ACL (ESC7)
    • Enforce encryption for RPC certificate enrollment interface (ESC8)

The new assessments are available in Microsoft Secure Score, surfacing security issues and severe misconfigurations that pose risks to the entire organization, alongside detections. Your score is updated accordingly.

Note:
While certificate template assessments are available to all organizations that have Active Directory Certificate Services (AD CS) installed in their environment, certificate authority assessments are available only to organizations that have installed a sensor on a Windows Server-based Certification Authority (CA).
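To make the ESC1 and ESC2 template assessments listed above concrete, the following added example (not code from this post, from Microsoft, or from Defender for Identity) flags the certificate template attribute combinations those two findings are commonly defined by. The function name Test-TemplatePosture and the sample templates are hypothetical and constructed; the check covers template settings only and does not evaluate enrollment permissions or whether a template is published on a CA.

```powershell
# Added example: approximates the template conditions behind ESC1 and ESC2.
# Not Defender for Identity's own logic; enrollment ACLs are not evaluated.
$ENROLLEE_SUPPLIES_SUBJECT = 0x1   # bit in msPKI-Certificate-Name-Flag
$PEND_ALL_REQUESTS         = 0x2   # bit in msPKI-Enrollment-Flag (CA manager approval)
$ANY_PURPOSE_EKU           = '2.5.29.37.0'
$AUTH_EKUS = @(
    '1.3.6.1.5.5.7.3.2',        # Client Authentication
    '1.3.6.1.4.1.311.20.2.2',   # Smart Card Logon
    '1.3.6.1.5.2.3.4'           # PKINIT Client Authentication
)

function Test-TemplatePosture {   # hypothetical helper name
    param([Parameter(Mandatory)] $Template)
    $ekus       = @($Template.'pKIExtendedKeyUsage' | Where-Object { $_ })
    $nameFlag   = [int]$Template.'msPKI-Certificate-Name-Flag'
    $enrollFlag = [int]$Template.'msPKI-Enrollment-Flag'
    $raSigs     = [int]$Template.'msPKI-RA-Signature'

    # Issuance is ungated when neither manager approval nor authorized signatures are required.
    $ungated  = (($enrollFlag -band $PEND_ALL_REQUESTS) -eq 0) -and ($raSigs -eq 0)
    $anyOrNo  = ($ekus.Count -eq 0) -or ($ekus -contains $ANY_PURPOSE_EKU)
    $authEku  = $anyOrNo -or (@($ekus | Where-Object { $AUTH_EKUS -contains $_ }).Count -gt 0)
    $supplies = ($nameFlag -band $ENROLLEE_SUPPLIES_SUBJECT) -ne 0

    $findings = @()
    if ($ungated -and $supplies -and $authEku) { $findings += 'ESC1' }   # requester chooses the subject
    if ($ungated -and $anyOrNo)                { $findings += 'ESC2' }   # Any purpose EKU or no EKU
    [pscustomobject]@{ Name = $Template.Name; Findings = ($findings -join ',') }
}

# Constructed sample templates (not from a real directory). On a domain-joined admin host,
# real objects can come from Get-ADObject with -LDAPFilter '(objectClass=pKICertificateTemplate)'
# and -Properties * under CN=Certificate Templates in the configuration naming context.
$samples = @(
    [pscustomobject]@{ Name = 'Constructed-VPNUser';   'msPKI-Certificate-Name-Flag' = 1; 'msPKI-Enrollment-Flag' = 0; 'msPKI-RA-Signature' = 0; pKIExtendedKeyUsage = @('1.3.6.1.5.5.7.3.2') }
    [pscustomobject]@{ Name = 'Constructed-Legacy';    'msPKI-Certificate-Name-Flag' = 0; 'msPKI-Enrollment-Flag' = 0; 'msPKI-RA-Signature' = 0; pKIExtendedKeyUsage = @() }
    [pscustomobject]@{ Name = 'Constructed-WebServer'; 'msPKI-Certificate-Name-Flag' = 1; 'msPKI-Enrollment-Flag' = 2; 'msPKI-RA-Signature' = 0; pKIExtendedKeyUsage = @('1.3.6.1.5.5.7.3.1') }
)
$samples | ForEach-Object { Test-TemplatePosture -Template $_ } | Format-Table -AutoSize
```

A template flagged here still needs its enrollment ACL reviewed before it is treated as exposed, which is the part the Defender for Identity assessment and the ESC4 items cover.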

 

Defender for Identity release 2.224

This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.

 

Defender for Identity release 2.223

This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.

 

Defender for Identity release 2.222

This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.

 

Defender for Identity release 2.221

This version includes improvements and bug fixes for cloud services and the Defender for Identity sensor.
