Microsoft Defender
for Identity

Monitor and profile user behaviour and activities

Defender for Identity monitors and analyses user activity and information across an organisation’s network, such as group membership and permissions which allows for the creation of a behavioural baseline for each user. Defender for Identity then identifies anomalies with adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organisation. Defender for Identity’s proprietary sensors monitor organizational domain controllers, providing a comprehensive view of all user activities from every device.

Reduce the attack surface and protect user identities

Through insights into user identities, Defender for Identity provides insights and configuration security best-practices and with the use of security reports, user profile analytics Defender for Identity helps reduce the attack surface of your organisation, making it harder for user credentials to be compromised and for advanced attacks to occur.

Identify suspicious activities and advanced cyber attacks

Most commonly, attacks are aimed at any accessible entity, in most cases a low-privileged user. Attackers then move laterally through the network until they are able to gain access to valuable assets, such as domain administrator accounts and Defender for Identity is designed to identify and protect against these threats.

Identify rouge reconnaissance

Advanced reconnaissance features in Defender for Identity allow rogue users and attackers to be identified as they attempt to again valuable organisational information such as user names, security groups, IP addresses and internal resources.

Identify compromised credentials

Quickly identify attempts to compromise user credentials through brute force attacks, failed authentications, user group membership changes and more.

Detect lateral movements

Detect attacks that mover laterally inside your organisation to gain further assess to higher privileged assets, such as domain administrator accounts, through the use of methods such as Pass the Hash, Overpass the Hash, Pass the Ticket and more.