Microsoft Defender for Identity
Microsoft Defender for Identity (MSDI) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
MSDI enables security professionals struggling to detect advanced attacks in hybrid environments to:
- Monitor and profile user behavior and activities – MSDI monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user.
- Protect user identities and reduce the attack surface – MSDI provides you with invaluable insights on identity configurations and suggested security best practices. Through security reports and user profile analytics, MSDI helps dramatically reduce your organizational attack surface, making it harder to compromise user credentials and advance an attack.
- Identify suspicious activities and advanced attacks across the cyber-attack kill chain – Typically, attacks are launched against any accessible entity, such as a low-privileged user, and then quickly move laterally until the attacker gains access to valuable assets, such as sensitive accounts, domain administrators, and highly sensitive data. MSDI identifies these advanced threats at the source throughout the entire cyber-attack kill chain.
- Investigate alerts and user activities – MSDI is designed to reduce general alert noise, providing only relevant, important security alerts in a simple, real-time organizational attack timeline.
For more information, read What is Microsoft Defender for Identity?