Microsoft Defender for Identity

• Formerly Azure Advanced Threat Protection (ATP)
• Cloud-based security solution that identifies, detects, helps you investigate threats.
• Capable of detecting known malicious attacks and techniques, security issues such as compromised identities, and risks/threats against your network.
• Can be integrated with on-premises Microsoft Defender ATP

Microsoft Defender for Identity components

Microsoft Defender for Identity portal

• Own portal at portal.atp.azure.com
  • ❗ User accounts must be assigned to an Azure AD security group that has access to the Azure ATP portal to be able to sign in.
• Through it you can monitor and respond to suspicious activity.
• Allows you to create your Azure ATP instance, and view the data received from Azure ATP sensors.
• Monitor, manage, and investigate threats in your network environment.

Microsoft Defender for Identity sensor

• Sensors are installed directly on your domain controllers.
• 📝 Monitors domain controller traffic without requiring a dedicated server or configuring port mirroring.

Microsoft Defender for Identity cloud service

• Runs on Azure infrastructure
• Deployed in the United States, Europe, and Asia.
• Connected to Microsoft Intelligent Security Graph
  • Threats signals are seamlessly shared across all the services in Microsoft 365 Defender, 6.5 trillion signals daily.
    • Microsoft 365 Defender
      • Formerly known as Microsoft Threat Protection
      • Consists of different Azure security services
      • E.g. Office ATP, Microsoft Defender ATP, SmartScreen, Exchange Online Protection (EOP)
  • Provides comprehensive security across multiple attack vectors.
  • Allows you to use Microsoft Graph Security API
    • Connects Microsoft security products, services, and partners
    • Can be used to
      • streamline security operations
      • improve threat protection, detection, and response capabilities.