Forum Discussion
logger2115
Oct 17, 2024 · Brass Contributor
Defender for Identity Learning Period
There is no documentation around Learning Period. Most of the articles I've skimmed through mention toggling this and that, but there is no clear documentation on how we can verify if the learning period is o...
logger2115
Oct 17, 2024 · Brass Contributor
Good info, but a couple of questions:
1. How do we validate if the learning period is completed?
2. Where can we extract post-learning-period baseline behavioral datasets?
micheleariis
Oct 17, 2024 · MCT
logger2115 After the 21-30 day window, check if baseline-related alerts are being triggered.
Monitor for behavior-based alerts like "Unusual Protocol Activity" or "Lateral Movement Path."
Extracting Baseline Behavior Data:
Use Azure Sentinel or SIEM integration for detailed datasets.
Check Entity Profiles and alerts in the portal for insights into post-baseline behaviors.
Utilize PowerShell for pulling alerts and understanding deviations.
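
One way to carry out the PowerShell step suggested in the reply above, added here as an example and not posted by anyone in the thread: it pulls Defender for Identity alerts through Microsoft Graph and shows when each alert title first and last fired, so you can see which detections are actually producing alerts in the window. It assumes the Microsoft.Graph.Security module is installed, the signed-in account has SecurityAlert.Read.All, and a 30-day lookback; none of these come from the thread.

```powershell
# Added example. Assumptions: Microsoft.Graph.Security module installed,
# SecurityAlert.Read.All permission granted, 30-day lookback window.
Import-Module Microsoft.Graph.Security
Connect-MgGraph -Scopes 'SecurityAlert.Read.All'

$lookbackDays = 30
$since = (Get-Date).ToUniversalTime().AddDays(-$lookbackDays).ToString("yyyy-MM-ddTHH:mm:ss'Z'")

# Restrict to alerts raised by Defender for Identity inside the window.
$filter = "serviceSource eq 'microsoftDefenderForIdentity' and createdDateTime ge $since"
$alerts = @(Get-MgSecurityAlertV2 -Filter $filter -All)

if ($alerts.Count -eq 0) {
    Write-Output "No Defender for Identity alerts in the last $lookbackDays days."
    return
}

# One row per alert title: how often it fired and over what date range.
$alerts |
    Group-Object -Property Title |
    ForEach-Object {
        $dates = @($_.Group.CreatedDateTime | Sort-Object)
        [pscustomobject]@{
            Title      = $_.Name
            Count      = $_.Count
            FirstSeen  = $dates[0]
            LastSeen   = $dates[-1]
            Severities = ($_.Group.Severity | Sort-Object -Unique) -join ','
        }
    } |
    Sort-Object -Property FirstSeen |
    Format-Table -AutoSize
```

An empty result only means no alerts were raised in the window; it does not by itself show whether a learning period has finished.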