{"id":40896,"date":"2021-05-15T07:42:33","date_gmt":"2021-05-15T07:42:33","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=40896"},"modified":"2022-04-06T04:43:03","modified_gmt":"2022-04-06T04:43:03","slug":"understanding-microsoft-defender-for-identity","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/","title":{"rendered":"Understanding Microsoft Defender for Identity"},"content":{"rendered":"\n<p>In this tutorial, we will get an overview of Microsoft Defender for Identity and its features for protecting against attacks.<\/p>\n\n\n\n<p>Microsoft Defender for Identity (previously Azure Advanced Threat Protection, often known as Azure ATP) is a cloud-based security service that uses on-premises Active Directory signals to identify, detect, and investigate:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>advanced threats<\/li><li>compromised identities<\/li><li>malicious insider actions directed at your organization.<\/li><\/ul>\n\n\n\n<h6 class=\"wp-block-heading\"><strong>Defender for Identity enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:<\/strong><\/h6>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>1. Monitor and profile user behavior and activities<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, Defender for Identity monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user. 
<\/li><li>Secondly, it identifies anomalies with adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization. <\/li><li>Lastly, the sensors monitor organizational domain controllers, providing a comprehensive view of all user activities from every device.<\/li><\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>2. Protect user identities and reduce the attack surface<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, Defender for Identity provides you with invaluable insights into identity configurations and suggested security best practices. <\/li><li>Secondly, it helps dramatically reduce your organizational attack surface, making it harder to compromise user credentials and advance an attack. <\/li><li>Thirdly, Defender for Identity&#8217;s visual Lateral Movement Paths help you understand exactly how an attacker can move laterally inside your organization to compromise sensitive accounts and assist in preventing those risks in advance. <\/li><li>Lastly, the security reports help you identify users and devices that authenticate using clear-text passwords and provide additional insights to improve your organizational security posture and policies.<\/li><\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>3. 
Protect AD FS in hybrid environments<\/strong><\/h5>\n\n\n\n<p>Defender for Identity protects the AD FS in your environment by detecting on-premises attacks on the AD FS and providing visibility into authentication events generated by the AD FS.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>4. Identify suspicious activities and advanced attacks across the cyber-attack kill chain<\/strong><\/h5>\n\n\n\n<p>Attacks are often directed at any accessible entity, such as a low-privileged user. The attacker then moves laterally until they gain access to important assets, which can include very sensitive data, sensitive accounts, and domain administrators. Defender for Identity recognizes these sophisticated threats at the source, across the whole cyber-attack kill chain:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, identify rogue users and attackers&#8217; attempts to gain information. Attackers search for information about user names, users&#8217; group membership, IP addresses assigned to devices, resources, and more, using a variety of methods.<\/li><li>Secondly, identify attempts to compromise user credentials using:<ul><li>brute force attacks<\/li><li>failed authentications<\/li><li>user group membership changes<\/li><\/ul><\/li><li>Thirdly, detect attempts to move laterally inside the network to gain further control of sensitive users, using methods such as Pass the Ticket, Pass the Hash, Overpass the Hash, and more.<\/li><li>Lastly, highlight attacker behavior if domain dominance is achieved, through remote code execution on the domain controller, and methods like DC Shadow, Golden Ticket activities, and more.<\/li><\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>5. 
Investigate alerts and user activities<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, Defender for Identity helps reduce general alert noise, providing only relevant, important security alerts in a simple, real-time organizational attack timeline. <\/li><li>Secondly, its attack timeline view allows you to easily stay focused on what matters, leveraging the intelligence of smart analytics. Use Defender for Identity to:<ul><li>investigate threats<\/li><li>gain insights across the organization for users, devices, and network resources. <\/li><\/ul><\/li><\/ul>\n\n\n\n<p><strong>Reference:<\/strong> <a href=\"https:\/\/docs.microsoft.com\/en-us\/defender-for-identity\/what-is\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to Tutorial In this, we will get an overview of Microsoft Defender for Identity and its features of protecting against attacks. Microsoft Defender for Identity (previously Azure Advanced Threat Protection, often known as Azure ATP) is a cloud-based security service that uses Active Directory signals on-premises to identify, detect, and investigate threats. 
Firstly,&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-40896","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understanding Microsoft Defender for Identity - Testprep Training Tutorials<\/title>\n<meta name=\"description\" content=\"Upgrade your knowledge by learning and understanding the Microsoft Defender for Identity. Prepare and pass the Microsoft SC-900 Exam Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding Microsoft Defender for Identity - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Upgrade your knowledge by learning and understanding the Microsoft Defender for Identity. Prepare and pass the Microsoft SC-900 Exam Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-06T04:43:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2021\/05\/sc-900-tests.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/\",\"name\":\"Understanding Microsoft Defender for Identity - Testprep Training Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2021-05-15T07:42:33+00:00\",\"dateModified\":\"2022-04-06T04:43:03+00:00\",\"description\":\"Upgrade your knowledge by learning and understanding the Microsoft Defender for Identity. Prepare and pass the Microsoft SC-900 Exam Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Understanding Microsoft Defender for Identity\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training 
Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Understanding Microsoft Defender for Identity - Testprep Training Tutorials","description":"Upgrade your knowledge by learning and understanding the Microsoft Defender for Identity. Prepare and pass the Microsoft SC-900 Exam Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/","og_locale":"en_US","og_type":"article","og_title":"Understanding Microsoft Defender for Identity - Testprep Training Tutorials","og_description":"Upgrade your knowledge by learning and understanding the Microsoft Defender for Identity. 
Prepare and pass the Microsoft SC-900 Exam Now!","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2022-04-06T04:43:03+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2021\/05\/sc-900-tests.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/","name":"Understanding Microsoft Defender for Identity - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2021-05-15T07:42:33+00:00","dateModified":"2022-04-06T04:43:03+00:00","description":"Upgrade your knowledge by learning and understanding the Microsoft Defender for Identity. 
Prepare and pass the Microsoft SC-900 Exam Now!","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/understanding-microsoft-defender-for-identity\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Understanding Microsoft Defender for Identity"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep 
Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/40896","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=40896"}],"version-history":[{"count":5,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/40896\/revisions"}],"predecessor-version":[{"id":54176,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/40896\/revisions\/54176"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=40896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=40896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=40896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}