cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

Heike Ritter
Microsoft

‎Mar 30 2023 09:17 AM - edited ‎Mar 31 2023 01:10 AM

‎Mar 30 2023 09:17 AM - edited ‎Mar 31 2023 01:10 AM

Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

For this episode, your opportunity to win a plush ninja cat is the following –

Our season finishes here! After learning about this last topic, tell us your thoughts on the Microsoft 365 Defender approach to ITDR.

 

This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

29.2K Views
2 Likes
12 Replies
Reply
12 Replies
JamieLiu5005

‎Mar 30 2023 09:27 AM

‎Mar 30 2023 09:27 AM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

Thank you, Heike, your team, and all speakers for the amazing Ninja training! Looking forward to the next season!
1 Like
Reply
ruudolfs

‎Mar 30 2023 09:39 AM

‎Mar 30 2023 09:39 AM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

Thank you for the session! What I particularly love is recognizing that ITDR is a team sport. Generally speaking, I have seen lots of fragmentation, where one team has no idea what the other one is doing. Especially where there are tools or services that are used within one team in the company, and broadly speaking IT would have no idea about it. Seeing lots of different apps and identity providers listed in the demo was great.
Teaming up and sharing relevant information - that is a real force multiplier and enables everyone to be more effective!
0 Likes
Reply
Douglas_Young

‎Mar 30 2023 02:32 PM

‎Mar 30 2023 02:32 PM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

@Heike Ritter I Really like the ITDR. Its nice to have a place to look at all the logins, the risk score, and why they scored high. If you do spot a true positive risk for a user you need to be able to quickly disable their AD account and you can do it within a few clicks, it really makes the ITDR portal of great value. Thanks for the great info!

0 Likes
Reply
Praveen718

‎Mar 31 2023 01:49 AM - edited ‎Mar 31 2023 06:09 PM

‎Mar 31 2023 01:49 AM - edited ‎Mar 31 2023 06:09 PM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

Hey@Heike Ritter 
The ITDR module is one of the important components when it comes to M365D, the ITDR helps us to prioritize things, add more context and gives us a timeline of the things. Whenever an incident occurs, the first thing anyone would be checking is:
"What is happening?"
"Who is the user associated?"
"What are the devices associated?"
and able to answer them all via the ITDR portal is so helpful.
Corelating many alerts, automating them and finally combining them to an incident and giving them a risk level score is one of the components I like, and this helps analysts when it comes to Proactive hunting.

 

Also @Heike Ritter and team, loved all the episodes, Keep'em coming. Looking forward.
Best,
Praveen A 

0 Likes
Reply
juliebiggs

‎Mar 31 2023 03:46 AM

‎Mar 31 2023 03:46 AM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

Great episode and a lot of food for thought. I love the unified approach of Defender's ITDR, combining information from all of the Defender components to provide extended detection and response across domains. It makes my job much easier!
1 Like
Reply
iliaswhoelse

‎Apr 02 2023 02:47 PM - edited ‎Apr 02 2023 02:53 PM

‎Apr 02 2023 02:47 PM - edited ‎Apr 02 2023 02:53 PM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

I want to reach out and express my gratitude for the Virtual Ninja Training. The shared insights and expertise in the different area's of Microsoft products have been incredibly valuable to me and I'm sure to many others who watched the training.

 

I believe that the Microsoft 365 Defender approach to ITDR is comprehensive and proactive, providing organizations with the tools they need to protect against a range of identity-related attacks. The solution's focus on identity protection is especially critical given the increasing prevalence of identity theft and fraud in today's digital landscape. 

1 Like
Reply
best response confirmed by MSTechie (Microsoft)
MSTechie

‎Apr 03 2023 01:46 AM

‎Apr 03 2023 01:46 AM

Solution

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

My favourite quote of the session was "securing identities is a team sport", I love how Microsoft is encouraging organisations to ensure the identity team and SOC team work together as one to protect their environments better and protect identities where ever the are and providing protection across different identity providers.
1 Like
Reply
kgs0-0

‎Apr 04 2023 04:46 AM

‎Apr 04 2023 04:46 AM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

Great show, cannot wait for Season 4!

In terms of M365 Defender approach to ITDR:
The whole defender 365 solution in terms of identity investigation is evolving so fast that it only makes me smile. (Talking from the SOC Operative perspective).
Although I have noticed that sometimes the metrics, such as “Investigation Priority” is not accurate and seems like guessing game, as for some users “High Priority” is not justified, as from the investigation no abnormal behaviour was noticed.
Apart from that, great feature :)

Another feature that “bring joy” are the merge of response actions that blue teamers can do from the identity tab in Defender.
Marking the user as Compromised instead of rushing to the Identity Protection - Cool!
Forcing User Password Reset instead of rushing to AAD - Cool!
Disabling user account and banishing them to shadow realm - Super Cool! :D

Waiting for new stuff to come!
1 Like
Reply
Peter_Knies

‎Apr 05 2023 10:53 AM

‎Apr 05 2023 10:53 AM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

I find it great that all the information about a user is summarized in a managemen console. All the indentities in one console and with the Secure Score I can find exactly the candidates that I need to look at more closely and here you can also dig deeper and have all the information together. My Security Engineer will it like so much
1 Like
Reply
NinjaCatFan

‎Apr 10 2023 11:46 AM

‎Apr 10 2023 11:46 AM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

@Heike Ritter thank you and the Defender Tech Community team for the past season of the Ninja Cat Show! It has been a thrill to watch it.

 

My thoughts on the Defenders ITDR-approach from an operator standpoint are how simple it is to first set up for the whole organization and gain valuable insight into the identity risk brought by either a rogue user or stolen credentials. ITDR enriches the identity data in an abnormal situation involving any sort of identity, no matter if it's an actual user, shared mailbox, service account or anything else in cloud, on-prem or external. Risk scores are also a very nice way to display how the user is regurarly acting and if there is some big variance all of a sudden.

1 Like
Reply
Shuchika_Bhanot

‎Apr 11 2023 12:05 PM

‎Apr 11 2023 12:05 PM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

@Heike Ritter 

 

Microsoft 365 Defender approach to ITDR

ITDR :- It provides the amazing integration and automation between Identity providers (identity admin-covering MS & non-MS solution providers) and identity protection (SOC- analyst) 

It helps in solving the biggest problem in the identity space during attack eg. Along with taking right remediation with the Defender solution , there is detailed investigation on the attack can be done through SOC which provides the critical details of attack.

0 Likes
Reply
Robert Young

‎Apr 12 2023 06:41 AM

‎Apr 12 2023 06:41 AM

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

Microsoft has done a great job with ITDR in Defender. I have been using these tools to identify possible threats within our environment and with its tight integration with our IMS, it makes filtering out possible false positives easy so I can focus more on the alerts that need attention.
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by MSTechie (Microsoft)
MSTechie

‎Apr 03 2023 01:46 AM

‎Apr 03 2023 01:46 AM

Solution

Re: Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response

My favourite quote of the session was "securing identities is a team sport", I love how Microsoft is encouraging organisations to ensure the identity team and SOC team work together as one to protect their environments better and protect identities where ever the are and providing protection across different identity providers.

View solution in original post

1 Like
Reply