Microsoft Defender for Identity AMA

Microsoft Defender for Identity (MDI) is an integral part of Microsoft 365 Defender (M365D). Unlike other solutions in the market, MDI is meshed into M365D and not loosely integrated to it. This allows us to provide a holistic end-to-end experience that is greater than the sum of its parts. Signals and data from endpoints, applications, on-premises and cloud identities, Office 365 and much more are all streaming to the same data lake allowing M365D to perform smart and powerful correlation, reduce friction, save time and empowers the SOC team to work much more efficiently. It also provides unified experience across all different workloads including the threat hunting experience, investigation experience, remediation and so on. Detection of new vulnerabilities and attacks is a key element in MDI work. We are constantly looking for newly published threats as well as researching for tools and methods that weren’t disclosed yet to try and stay ahead of the attackers as much as possible. The MDI sensor is also optimized for enterprise environments, running with a low footprint on Active Directory and ADFS servers and contains self-healing and self-destruction mechanisms to protect overloading the underlying services that may be running on the server.