
Microsoft Defender for Identity

Microsoft Defender for Identity is a security solution that helps to detect and investigate advanced attacks and insider threats across on-premises, cloud, and hybrid environments, stopping attackers from gaining access to your system. Microsoft Defender for Identity takes information from multiple data sources, such as logs and events in your network, to learn the behavior of users and other entities in the organization and build a behavioral profile of them.

What Does Microsoft Defender for Identity Do?

Microsoft Defender for Identity technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain including:

Lateral movement cycle, during which an attacker invests time and effort in spreading their attack surface inside your network.

Reconnaissance, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist. They are generally building their plan for the next phases of the attack.

Domain dominance (persistence), during which an attacker captures the information allowing them to resume their campaign using various sets of entry points, credentials, and techniques.


The Top Four Benefits of Microsoft Defender for Identity:

  1. Microsoft Defender for Identity helps you to identify and track any malicious activities in your environment, including Pass-the-Ticket, Pass-the-Hash, horizontal or vertical brute force attacks, DNS reconnaissance, unusual protocols, malicious service creation, and others.

  2. Microsoft Defender for Identity protects your organization from both known and unknown attack vectors before they cause damage to your organization.

  3. Microsoft Defender for Identity focuses on several phases of the cyber-attack kill chain, including reconnaissance, lateral movement cycle, and domain dominance, and detects advanced attacks and insider threats before they can cause damage to your organization.

  4. Microsoft Defender for Identity allows you to install decoy accounts that are set up for the sole purpose of identifying and tracking malicious activity within your network.

Azure Advanced Threat Protection