Microsoft Defender for Identity's identity security posture assessments
Typically, organizations of all sizes have limited visibility into whether or not their on-premises apps and services could introduce a security vulnerability to their organization. The problem of limited visibility is especially true with regards to use of unsupported or outdated components.
While your company may invest significant time and effort in hardening identities and identity infrastructure (such as Active Directory, Active Directory Connect) as an ongoing project, it is easy to remain unaware of common misconfigurations and use of legacy components that represent one of the greatest risks to your organization. Microsoft security research reveals that most identity attacks utilize common misconfigurations in Active Directory and continued use of legacy components (such as the NTLMv1 protocol) to compromise identities and successfully breach your organization. To combat this effectively, Microsoft Defender for Identity now offers proactive identity security posture assessments to detect and suggest improvement actions across your on-premises Active Directory configurations.
What do Defender for Identity identity security posture assessments provide?
- Detections and contextual data on known exploitable components and misconfigurations, along with relevant paths for remediation.
- Defender for Identity detects not only suspicious activities, but also actively monitors your on-premises identities and identity infrastructure for weak spots, using the existing Defender for Identity sensor.
- Accurate assessment reports of your current organization security posture, enabling quick response and monitoring of the effect of remediation in a continuous cycle.
How do I get started?
Defender for Identity security assessments are available using the Microsoft Cloud App Security portal after turning on the Defender for Identity integration. To learn how to integrate Defender for Identity into Cloud App Security, see Defender for Identity integration.
Accessing Defender for Identity security assessment reports in Cloud App Security does not require a Cloud App Security license; only a Defender for Identity license is required.
Access Defender for Identity using Cloud App Security
See the Cloud App Security quick start to familiarize yourself with the basics of using the Cloud App Security portal.
Identity security posture assessments
Defender for Identity offers the following identity security posture assessments. Each assessment is a downloadable report with instructions for use and tools for building an action plan to remediate or resolve.
- Domain controllers with Print Spooler service available
- Dormant entities in sensitive groups
- Entities exposing credentials in clear text
- Microsoft LAPS usage
- Legacy protocols usage
- Riskiest lateral movement paths (LMP)
- Unmonitored domain controllers
- Unsecure account attributes
- Unsecure Kerberos delegation
- Unsecure SID History attributes
- Weak cipher usage
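As an added example (not Defender for Identity's own assessment logic, nor code from Microsoft), the following PowerShell spot-checks a subset of the posture items above directly against Active Directory using the RSAT ActiveDirectory module; the inactivity threshold, the sensitive-group list and the userAccountControl flag constants are assumptions chosen for illustration.

```powershell
# Added example: manual spot-check for unsecure Kerberos delegation, unsecure account
# attributes, SID History and dormant members of sensitive groups. Not the Defender
# for Identity assessment code; requires RSAT ActiveDirectory and read access to AD.
Import-Module ActiveDirectory

$dormantDays   = 90                                                      # assumed threshold
$sensitiveGrps = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'   # assumed list

# Unsecure Kerberos delegation: accounts trusted for unconstrained delegation.
# Domain controllers are trusted by default, so they are excluded from the finding.
$unconstrained = @(Get-ADComputer -Filter { TrustedForDelegation -eq $true }) +
                 @(Get-ADUser     -Filter { TrustedForDelegation -eq $true }) |
    Where-Object { $_.DistinguishedName -notlike '*OU=Domain Controllers,*' }

# Unsecure account attributes, read from userAccountControl bits (assumed flag names)
$REVERSIBLE_PWD = 0x80        # ENCRYPTED_TEXT_PWD_ALLOWED: reversible password storage
$PASSWD_NOTREQD = 0x20        # PASSWD_NOTREQD: empty password permitted
$NO_PREAUTH     = 0x400000    # DONT_REQ_PREAUTH: Kerberos pre-authentication disabled
$flagged = @(Get-ADUser -Filter * -Properties userAccountControl, SIDHistory |
    ForEach-Object {
        $uac    = $_.userAccountControl
        $issues = @()
        if ($uac -band $REVERSIBLE_PWD) { $issues += 'ReversiblePassword' }
        if ($uac -band $PASSWD_NOTREQD) { $issues += 'PasswordNotRequired' }
        if ($uac -band $NO_PREAUTH)     { $issues += 'NoKerberosPreauth' }
        if ($_.SIDHistory.Count -gt 0)  { $issues += 'SIDHistoryPresent' }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{ Account = $_.SamAccountName; Issues = ($issues -join ',') }
        }
    })

# Dormant entities in sensitive groups: members with no logon within $dormantDays
$cutoff  = (Get-Date).AddDays(-$dormantDays)
$dormant = @(foreach ($g in $sensitiveGrps) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties LastLogonDate |
        Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff } |
        Select-Object @{n='Group';e={$g}}, SamAccountName, LastLogonDate
})

"Unconstrained delegation (excluding DCs): {0}" -f $unconstrained.Count
$unconstrained | Select-Object Name, ObjectClass | Format-Table -AutoSize
"Accounts with unsecure attributes: {0}" -f $flagged.Count
$flagged | Format-Table -AutoSize
"Dormant sensitive-group members: {0}" -f $dormant.Count
$dormant | Format-Table -AutoSize
```

Treat the output as a starting point for the same kind of action plan the downloadable reports describe; the Defender for Identity assessments cover more conditions and evaluate them continuously via the sensor rather than at a single point in time.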
To access identity security posture assessments:
- Open the Microsoft Cloud App Security portal.
- Select Investigate from the left menu, then click Identity security posture from the drop-down menu.
- Click the identity security posture assessment you wish to review from the Security assessment reports list that opens.