Professional labs

Microsoft Defender for Identity

Evaluate and Track User Activity and Behaviour

The cloud-based security solution Microsoft Defender for Identity (formerly known as Azure ATP) uses signals from your on-premises Active Directory to detect and investigate advanced threats, compromised identities, and harmful insider acts.

Professional Labs analysts and security professionals who have trouble detecting advanced attacks in hybrid environments can use Microsoft Defender for Identity to:

  • Monitor user and entity activity and behavior with learning-based analytics.
  • Safeguard Active Directory login information.
  • Identify and investigate malicious user behavior and sophisticated attacks across the kill chain.
  • Present concise incident details on a straightforward timeline to facilitate quick triage.

What Does Microsoft Defender for Identity Do?

Microsoft’s Defender for Identity technology monitors cyber threats across several attack phases.

  • Lateral movement cycle, when a hacker spends significant time and energy increasing their potential points of entry into your network.
  • Reconnaissance, when attackers learn the structure of the environment, the assets there, and the types of entities that exist. More broadly, they are preparing for the later stages of the attack.
  • Domain dominance (persistence), when an attacker obtains the data they need to continue their campaign using previously compromised accounts, credentials, and other methods.

Whether your infrastructure is on-premises, in the cloud, or a combination of the two, Microsoft Defender for Identity can help you identify and analyze sophisticated attacks and insider threats to keep malicious actors out.

Defender for Identity can establish a behavioral baseline for each user using your network’s permissions and group membership data. Its adaptive built-in intelligence then recognizes anomalies, giving you a window into potentially malicious activities and events that expose the advanced attacks, compromised users, and insider threats facing your business. Defender for Identity’s patented sensors keep tabs on enterprise domain controllers, revealing every action taken by every user on any device.

Defender for Endpoint protections

Using a three-pronged approach (reconnaissance, lateral movement cycle, and persistence), Defender for Identity scans network traffic for signs of account attacks and other suspicious behavior. Defender for Endpoint can detect sophisticated cyber attacks by comparing warnings for known and unknown adversaries.

Defender for Identity monitors domain controller traffic, while Defender for Endpoint inspects endpoint devices. The two solutions can be combined into a single interface for monitoring warnings by configuring them in the Microsoft Defender for Identity portal.

Microsoft Defender for Identity from Professional Labs offers the following benefits:

Microsoft Defender for Identity can help you detect and investigate Pass-the-Ticket and Pass-the-Hash attacks, DNS reconnaissance, unusual protocols, malicious service creation, and other forms of network intrusion.

With Microsoft Defender for Identity, your business is safeguarded from common and uncommon attack methods.

With Microsoft Defender for Identity, sophisticated attacks and insider threats are uncovered before they can harm your business. This is accomplished by focusing on multiple stages of the cyber-attack kill chain, such as reconnaissance, the lateral movement cycle, and domain dominance.

Microsoft Defender for Identity enables the use of dummy accounts designed to monitor and record suspicious network activities.


Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

  • To access the Defender for Cloud Apps settings, click the settings button.
  • Choose Microsoft Defender for Identity from the drop-down menu labeled Threat Protection.
  • Click the Save button after enabling Microsoft Defender to share identity info.

With Defender for Identity, you’ll only get the most critical security alerts in a straightforward, real-time attack timeline. The attack timeline view uses sophisticated analytics to make it simple to zero in on what’s important.

Integration with other Microsoft XDR products, such as Microsoft 365 Defender and Cloud App Security, is supported by Defender for Identity. However, Azure Active Directory Identity Protection exists only in the Azure cloud and is dedicated to protecting Azure Active Directory deployments from external threats.