Event banner

Microsoft Defender for Identity AMA

Event Ended
Wednesday, Jun 29, 2022, 09:00 AM PDT
In-Person

Event details

We are very excited to announce our Microsoft Defender for Identity AMA!   An AMA is a live text-based online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. This AMA giv...
Trevor_Rusher
Updated Jun 29, 2022
microsoft defender for identity
Eric JENOUVRIER's avatar
Eric JENOUVRIER
Iron Contributor
Jun 14, 2022
Microsoft Defender for Identity is capturing IdentityLogonEvent for Kerberos, Ntlm, ... and Bind Ldap (clear text password), but what about LDAPS ? bind ldap (over TLS/ldaps) are not capture within Hunting Database. Is there some plan to have some eventId within Active Directory and/or evolution on MDI probe to capture bind ldap over LDAPS ?
  • Umm_Kulth101's avatar
    Umm_Kulth101
    Copper Contributor
    Jun 28, 2022
    interested
    • Daniel Naim's avatar
      Daniel Naim
      Iron Contributor
      Jun 29, 2022

      Defender for Identity collects and stores information from your configured servers. Information collected includes network traffic to and from domain controllers (such as Kerberos authentication, NTLM authentication, DNS queries), security logs (such as Windows security events), Active Directory information (structure, subnets, sites), and entity information (such as names, email addresses, and phone numbers). Defender for Identity now does not have visibility to queries of LDAPS connections. We recently added the ability to gather the LDAP queries done via Active Directory Web Services. We are also looking at a method to see the encrypted traffic from pure LDAPS. https://docs.microsoft.com/en-us/defender-for-identity/whats-new#defender-for-identity-release-2180

Date and Time
Jun 29, 20229:00 AM - 10:00 AM PDT