Microsoft Defender for Identity extends ITDR capabilities to Okta identities

Identities are the organization’s new security perimeter and are a prime target for cyber-criminals. However, with today’s ever-evolving digital landscape, security leaders often wrestle with a tapestry of different identity solutions spanning multiple environments and vendors, making identity protection more challenging than ever.

Because of this, security professionals understand that identity threat detection and response (ITDR) is a fundamental piece of their security practice that helps them to comprehensively secure their unique identity fabric across identity solutions, environments, and vendors. 

What is changing?

Today, I am excited to announce that Microsoft Defender for Identity is extending its identity protection to protect Okta identities, that’s in addition to the already robust protection for on-premises Active Directory and Entra ID identities.

As a leader in both Identity (IAM) and security, Microsoft provides comprehensive visibility, posture recommendations, and detection and response capabilities for our customer’s unique identity fabric - now including Okta.

With these new protections from Defender, our customers will benefit from enhanced visibility and control for their Okta environments, including:  

• Holistic identity visibility – A unified identity inventory with correlated view of accounts across Active Directory, Entra ID, and Okta. For instance, a user with an Entra ID and an Okta account would appear as one entity - meaning SOC professionals can easily zoom into a specific identity to see all their related accounts, their privileges, and any related security alerts. This holistic perspective is crucial for maintaining robust security postures and allows IT and security teams to identify potential vulnerabilities across different platforms seamlessly.
   
• Identity Threat Detection and Response (ITDR) – Alert on identity threats in Okta and trigger corresponding response actions, including detection of lateral movement between on-premises and cloud environments. This capability is crucial for mitigating sophisticated attacks that seek to exploit the transition between different identity platforms. The integration will also surface Okta logs and data within the Advanced Hunting like we already do for Active Directory and Entra ID, allowing security teams to delve into threats across the different platforms in a single place. 
  
  
• Identity-specific posture recommendations (ISPM) - Expand the already robust set of identity security posture recommendations to include recommendations for Okta identities (e.g. dormant Okta accounts), and map how those posture gaps can be leveraged into attack paths. Adhering to these posture recommendations enables organizations to proactively prevent threats, rather than responding reactively.

How can I take advantage of these new capabilities?

Defender for Identity customers looking to take advantage of these new capabilities can read more here. Be advised that to get the full potential of enhanced integration, make sure your organization has Okta for Workforce with Identity Enterprise license.