Microsoft Defender for Identity

microsoft, logo, ms-80660.jpg

Microsoft Defender for Identity is the Microsoft offical method of protecting Active Directory and on-premise infrastructure from cyber breach. Microsoft Defender for Identity integrates with Azure Arc to add many additional layers of telemetry to Microsoft Sentinel for SIEM and SOAR providing organisations with detection and response to both on-premise and cloud focused cyber attacks.

Microsoft Active Directory is typically the no. 1 target for a malicious actor, as gaining a foothold within a companies infrastructure requires discovery, persistence, lateral movement etc all of which require Active Directory credentials or privileged accounts to perform.

Microsoft as not been has generous in it’s documentation for Defender for Identity though and it is quite difficult to set up and configure correctly.

The linked article is one persons guide to setting up Microsoft Defender for Identity based on his own person experience.

https://dirteam-com.cdn.ampproject.org/c/s/dirteam.com/sander/2022/03/23/howto-programmatically-add-a-microsoft-defender-for-identity-action-account-to-active-directory/amp/

1 thought on “Microsoft Defender for Identity”

  1. Pingback: Microsoft Defender for endpoint server licensing - kicksec.io

Leave a Reply

Your email address will not be published.