Microsoft Defender for Identity readiness guide

This article provides a readiness roadmap: a list of resources that help you get started with Microsoft Defender for Identity.

Understanding Microsoft Defender for Identity

Microsoft Defender for Identity is a cloud service that helps identify and protect your enterprise from multiple types of advanced targeted cyber-attacks and insider threats.

To learn more about Defender for Identity:

Deployment decisions

Defender for Identity consists of a cloud service residing in Azure and integrated sensors that can be installed on domain controllers. If you are using physical servers, capacity planning is critical. Get help from the sizing tool to allocate space for your sensors:

Deploy Defender for Identity

Use these resources to help you set up Defender for Identity, connect to Active Directory, download the sensor package, set up event collection, optionally integrate with your VPN, and set up honeytoken accounts and exclusions.

Defender for Identity settings

When you create your Defender for Identity instance, the necessary basic settings are configured automatically. Several additional settings can be configured to improve detection and alert accuracy for your environment, such as VPN integration, SAM required permissions, and advanced audit policy settings.

Work with Defender for Identity

After Defender for Identity is up and running, view security alerts in the Defender for Identity portal activity timeline. The activity timeline is the default landing page after logging in to the Defender for Identity portal. By default, all open security alerts are shown on the activity timeline. You can also see the severity assigned to each alert. Investigate each alert by drilling down into the entities (computers, devices, users) to open their profile pages with more information. Lateral movement paths show potential moves that can be made in your network and sensitive users at risk. Investigate and remediate exposure using the lateral movement path detection graphs. These resources help you work with Defender for Identity's security alerts:

Security best practices

Community resources

Blog: Defender for Identity blog

Public Community: Defender for Identity Tech Community

Private Community: Defender for Identity Yammer Group

Channel 9: Microsoft Security Channel 9 page
