Secure Active Directory with Microsoft Defender for Identity

• Microsoft Defender for Identity is a hosted service designed to help organizations discover malicious activities within their network.
• It has a considerable deployment impact and requires extensive user subscription licensing.
• Microsoft Defender for Identity replaces Advanced Threat Analytics on-premises software and provides improved analysis.

Microsoft Defender for Identity (previously Azure Advanced Threat Protection) captures, parses, and analyzes traffic of key unencrypted network protocols. It examines authentication, authorization, and other activities for indicators of potentially suspicious behavior by a user or on a device. These functions put Microsoft Defender for Identity in the category of a user behavioral analytics solutions, which Microsoft sometimes simply refers to as behavioral analytics.

Microsoft Defender for Identity looks for several distinct types of user behavior to help find and highlight potential intruders—ideally, before they have a chance to establish themselves within the organization’s systems. In particular, Microsoft Defender for Identity watches for: