Microsoft Defender for Identity

Cloud-based security solution that uses on-premises Active Directory signals to detect advanced threats.

What is Microsoft Defender for Identity?

Defender for Identity monitors Active Directory traffic to detect identity-based attacks including credential theft, lateral movement, and domain dominance. It identifies reconnaissance activities, compromised credentials, and suspicious behaviors that indicate advanced persistent threats. Integration with Microsoft 365 Defender provides cross-domain correlation.

In Microsoft 365

Defender for Identity sensors are deployed on domain controllers and AD FS servers. The service detects Pass-the-Hash, Pass-the-Ticket, Kerberoasting, and other AD attacks. Alerts integrate with Microsoft 365 Defender for unified incident management.

Examples

  • Detection of NTLM relay attack
  • Identification of suspicious service creation
  • Alert on reconnaissance using SAMR protocol

Related TrueConfig Controls

These controls help implement and verify Microsoft Defender for Identity in your Microsoft 365 environment.

Frequently Asked Questions

What is Microsoft Defender for Identity?
Cloud-based security solution that uses on-premises Active Directory signals to detect advanced threats.

How does Microsoft Defender for Identity work in Microsoft 365?
Defender for Identity sensors are deployed on domain controllers and AD FS servers. The service detects Pass-the-Hash, Pass-the-Ticket, Kerberoasting, and other AD attacks. Alerts integrate with Microsoft 365 Defender for unified incident management.

What are examples of Microsoft Defender for Identity?
Examples of Microsoft Defender for Identity include: detection of NTLM relay attack, identification of suspicious service creation, alert on reconnaissance using SAMR protocol.

Which TrueConfig controls relate to Microsoft Defender for Identity?
TrueConfig controls related to Microsoft Defender for Identity include: LOG-03, GOV-04. These controls help implement and verify Microsoft Defender for Identity in your environment.
