Microsoft Defender for Identity-Describe security, compliance, privacy, and trust in Microsoft 365

Microsoft Defender for Identity, formerly known as Azure Advanced Threat Protection (Azure ATP), is a product that protects the identities stored in Active Directory. There was at one time a separate Defender for Identity management portal, but the interface has now been integrated into the Microsoft 365 Defender portal.

Defender for Identity monitors the Active Directory communications involved in identity creation, management, authentication, and authorization and creates a profile of each user’s identity-related activities. The signal is then sent to Microsoft 365 Defender, which collates it with the signals from the other Defender products, as shown in Figure 3-22, to create a comprehensive picture of any attacks that occur. The identity information gathered by Defender for Identity is a crucial contributor to the overall security context developed by Microsoft 365 Defender.

FIGURE 3-22 Microsoft Defender for Identity architecture

Defender for Identity also helps administrators reduce the existing identities’ attack surface by generating reports that suggest configuration best practices and identify potential weaknesses.

Defender is also aware of the tendency of attackers to attempt to compromise low-privilege identities and then move laterally within the network to gain access to more sensitive information. By detecting identities that have been compromised and analyzing the signals generated by Active Directory, Defender for Identity can track these lateral movements and identify other accounts that might have been compromised.

One of the biggest problems for IT security personnel in the enterprise is the overabundance of alerts, particularly in identity security. For example, every sign-on failure can generate an alert, which might result from an attempted attack or just a misspelled password by a user. Defender for Identity’s analytical capabilities helps reduce the number of alerts brought to the attention of administrators by identifying only those relevant to the network’s attack posture and creating a detailed attack timeline that omits the irrelevant.

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.