Microsoft Defender for Identity AMA
Hi, sorry, I will not be attending. I would be really keen to understand:
- What is the ETA to fully move everything to security.microsoft.com?
- Is there a plan to:
  - alert on misconfiguration on the permissions of AD objects. Think "domain user can modify a GPO that can make changes to a domain controller" type issues
  - alert on someone taking advantage of such a misconfiguration
- Any plans to produce a single view of health issues in the MDI setup:
  - showing health status over time, not just alerts
  - recommending things like:
    - domain controller X: the sensor has gone into bypass 10 in 30 days due to not enough memory. Suggest you add memory
- What are the next detects we can expect to come?
  - i.e. which are the areas in lateral movement used by attackers which MDI has poor or zero coverage of
Nice to see you here as well James 🙂
While some of the legacy Defender for Identity features will not be converged (where there are features that have been superseded by functionality in Microsoft 365 Defender), the security.microsoft.com portal is now the main portal for Defender for Identity.
We are working with the Microsoft Secure Score team on having alert capabilities through that experience, not just for Defender for Identity security recommendations.
While health issues are part of Defender for Identity settings already, we are working on a new health view for all issues.
For the detection part – as you might have guessed, detections are something we always look into. Whether it’s improving existing detections or creating new ones. For the new detection part, we are challenging ourselves to look outside of just the Active Directory world by introducing detections on AD CS, ADConnect, Azure Active Directory and even external identity providers such as Okta. Obviously ‘classic Active Directory detections’ are still our top of mind with any new vulnerability or CVE that might affect Active Directory.