What is Microsoft Defender for Identity?


Your organization has many systems and devices across multiple locations. Users in your organization use their devices 24 hours a day, seven days a week. Your users must be protected to protect your systems and, ultimately, your organization. As a member of the security team, you want to get a basic understanding of Microsoft Defender for Identity to find out if it can help you to detect threats across your organization's systems.

Use Microsoft Defender for Identity to protect your users' identities

Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to enable you to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Microsoft Defender for Identity feeds into Microsoft Defender XDR alongside Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Defender for Cloud Apps. You can use it with these other solutions to get a comprehensive view of your security landscape.

With Microsoft Defender for Identity, you can take advantage of several key features to detect threats, including:

  • Advanced hunting is a threat hunting tool that you can use to search for known and potential threats across your network. With advanced hunting, you can use query-based analytics to search up to 30 days of data from all of the Microsoft Defender XDR products.
  • Incident correlation enables you to aggregate data across all your devices and users at scale, to review incidents including their related alerts, assets, and investigations.
  • Custom detections enable you to create customized alerts using advanced hunting queries. The custom detections can be scheduled to run at regular intervals to ensure that you are notified if a threat is detected. Furthermore, automatic response actions can be configured to respond to the alerts.
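To make the advanced hunting and custom detections features concrete, here is an added example query (not part of the original module) that hunts over Defender for Identity sign-in data for accounts with an unusual number of failed logons per day. It assumes the `IdentityLogonEvents` advanced hunting table is populated in your tenant; the threshold values are illustrative assumptions to tune for your environment.

```kql
// Added example: accounts with many failed logons in a single day.
// Thresholds below are assumptions, not Microsoft-recommended values.
let lookback = 30d;            // advanced hunting searches up to 30 days of data
let failureThreshold = 25;     // assumed: failed logons per account per day
IdentityLogonEvents
| where Timestamp > ago(lookback)
| where ActionType == "LogonFailed"
| where isnotempty(AccountUpn)
| summarize
    arg_max(Timestamp, ReportId),              // keep the latest event's Timestamp and ReportId
    FailedLogons   = count(),
    SourceIPs      = dcount(IPAddress),
    Protocols      = make_set(Protocol, 10),
    FailureReasons = make_set(FailureReason, 10)
    by AccountUpn, AccountSid, Day = bin(Timestamp, 1d)
| where FailedLogons >= failureThreshold
| project Timestamp, ReportId, AccountUpn, AccountSid, Day,
          FailedLogons, SourceIPs, Protocols, FailureReasons
| order by FailedLogons desc
```

The query keeps `Timestamp`, `ReportId`, and an account identifier in its output because a custom detection rule needs those columns to raise an alert and tie it to the affected user. When saving it as a scheduled rule, shorten `lookback` to match the rule's run frequency so each run evaluates only recent events.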