Skip to content

Latest commit

 

History

History
38 lines (30 loc) · 2.12 KB

4.8. Microsoft Defender for Identity.md

File metadata and controls

38 lines (30 loc) · 2.12 KB

Microsoft Defender for Identity

  • Formerly Azure Advanced Threat Protection (ATP)
  • Cloud-based security solution that identifies, detects, helps you investigate threats.
  • Capable of detecting known malicious attacks and techniques, security issues such as compromised identities, and risks/threats against your network.
  • Can be integrated with on-premises Microsoft Defender ATP

Microsoft Defender for Identity components

Microsoft Defender for Identity portal

  • Own portal at portal.atp.azure.com
    • ❗ User accounts must be assigned to an Azure AD security group that has access to the Azure ATP portal to be able to sign in.
  • Through it you can monitor and respond to suspicious activity.
  • Allows you to create your Azure ATP instance, and view the data received from Azure ATP sensors.
  • Monitor, manage, and investigate threats in your network environment.

Microsoft Defender for Identity sensor

  • Sensors are installed directly on your domain controllers.
  • 📝 Monitors domain controller traffic without requiring a dedicated server or configuring port mirroring.

Microsoft Defender for Identity cloud service

  • Runs on Azure infrastructure
  • Deployed in the United States, Europe, and Asia.
  • Connected to Microsoft Intelligent Security Graph
    • Threats signals are seamlessly shared across all the services in Microsoft 365 Defender, 6.5 trillion signals daily.
      • Microsoft 365 Defender
        • Formerly known as Microsoft Threat Protection
        • Consists of different Azure security services
        • E.g. Office ATP, Microsoft Defender ATP, SmartScreen, Exchange Online Protection (EOP)
    • Provides comprehensive security across multiple attack vectors.
    • Allows you to use Microsoft Graph Security API
      • Connects Microsoft security products, services, and partners
      • Can be used to
        • streamline security operations
        • improve threat protection, detection, and response capabilities.