Microsoft Defender for Identity

• Formerly it was known as - Azure Advanced Threat Protection
• This Azure service protects your hybrid environments from different types of external as well as insider cyber-attacks.
• This cloud service uses your on-premises Active Directory signals to identify, detect and investigate compromised identities, advanced threats, and malicious insider actions directed at your organization.
• Defender for Identity enables security admins to:
  • Monitor users, their behavior, and their activities.
  • Protect user identities and credentials stored in Active Directory.
  • Identify and Investigate suspicious user activities.
  • Clear-cut issue information for fast triage.
• Defender for Identity identifies rogue users who are trying to search for information like username, IP address, users’ group memberships, using different methods.
• This service will identify the cases where attackers are trying to use brute force attacks, failed authentication attempts, user group membership changes, etc.…
• It detects the lateral movements inside the network to get control of sensitive users, any attempt of using methods like Pass the Ticket, Pass the Hash, Overpass the Hash, and more.
• This service highlights domain dominance attacks like code execution on the domain controller, domain controller replication, golden ticket activities, and more…
• This service reduces unnecessary alerts, and it provides only relevant important security alerts.