Protect Active Directory with Microsoft Defender for Identity

Microsoft Defender for Identity is a cloud-based security solution that can identify attack signals in Active Directory. The solution applies traffic analytics and user behavior analytics on domain controllers and AD FS servers, and it helps prevent attacks by providing security posture assessments. It also helps expose vulnerabilities and lateral movement exploitation paths.



Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com.








Microsoft Defender for Identity has its roots in Azure and in the former Azure Advanced Threat Protection (Azure ATP). Therefore, organizations do not have to house the security solution on-premises, aside from the sensor installed on the domain controllers. It also provides clear steps to resolve misconfigurations.

Microsoft Defender for Identity helps boost cybersecurity posture in the following four security pillars:


  • Prevent—From the moment it's installed, it starts monitoring the Active Directory environment. This includes assessing the security configuration and AD schema. It provides recommendations on how to best protect the environment to prevent security from being compromised in the first place.

  • Detect—It provides real-time analytics and data intelligence. This includes monitoring network activity, Windows events, and other metrics to send SecOps real-time alerts with the evidence needed to understand the threat and mitigate it effectively.

  • Inve ..
