We are thrilled to announce the general availability of the new response actions in Microsoft Defender for Identity, targeting on-premises Active Directory accounts in the event that an identity is c...
Updated Mar 30, 2022
Version 1.0
Blog Post
Daniel Naim is it possible to automatically apply response actions automatically based on risk level. If MDI flags a user as high risk, currently I have a conditional access policy in place that will block access - this is great but only protects Azure/O365 and does nothing for our hybrid on-prem AD.
If I change this CA policy to block access AND require password change, will this apply as the "reset user password" response action back to on-premises AD automatically?
I am looking at ways to trigger "reset user password" or "disable user" actions automatically in a hybrid environment if the user is high risk, is this possible? We don't have a 24x7 SoC so we don't always have someone available to manually click any of the response actions when alerts are triggered, wondering if it's possible to automate this response action?