September 28, 2025
Analyst Report
Defender for Endpoint Helps Discover Unsecured AD Servers
- Active Directory servers not protected by Defender for Identity are high-value targets for attack because of their role.
- Defender for Endpoint can now help discover unprotected Active Directory identity servers, but Microsoft 365 E5 licenses are usually required.
- Discovery includes Active Directory servers in the following roles: Federation Services, Certificate Services, and Entra Connect servers.
Identity management servers running Active Directory (AD) Federation Services and Certificate Services play a critical role in on-premises infrastructure. Because they are legacy systems, many organizations neglect them, which leaves them vulnerable to attack and makes them a common vector for successful breaches. A new feature included in Defender for Endpoint should help organizations discover key identity servers that are not yet protected by Microsoft's AD-defense service, Defender for Identity. Although finding unprotected servers requires only Defender for Endpoint, remediating them requires Defender for Identity as well, making the solution relevant only for organizations licensed for Microsoft 365 E5.