Identities have become an inherent part of modern security and the latest update to the Microsoft Defender XDR navigation further elevates Identity security within the SOC experience with a new dedicated section for the domain. As illustrated in the image below Defender for Identity customers will now see a section titled “Identities” which today encapsulates 3 new Identity specific pages or views.
1. ITDR Dashboard
The new ITDR dashboard is designed to provide SOC professionals with a single, prioritized view of Identity-specific security information and recommendations. Pulling relevant alerts and insights from across their identity footprint, this pane helps SOR teams better understand their identity posture and quickly manage potential identity-related security risks.
The page itself is broken down into 3 main areas. At the top users benefit from a visual representation of their unique identity landscape, breaking down the number and location of corporate identities across Entra ID, on-premises Active Directory and hybrid identities.
Just below this area is a section dedicated to critical recommended actions. Here users will see important steps they should take immediately to minimize risks, such as eliminating lateral movement paths and removing dormant accounts from sensitive groups.
The bottom section of the page consists of different cards each offering security professional’s a focused view into a specific element of their ITDR practice. These widgets offer identity-specific filters of broader security capabilities and serve as a jumping off point into other areas of the Defender XDR portal. For example, the “identity posture” card surfaces the Identity recommendations within Secure Score and the "Identity-Related Incidents" card highlights security incidents with identity elements or alerts. There are also some exciting new features available through these cards like the “highly privileged identities” widget which summarizes sensitive accounts within the environment, including Entra ID security administrators and global admin users. This consolidated view will give SOC teams additional insight to implement more targeted and effective management strategies, helping enhancing the organizations overall security posture. Similarly, the “deployment health” card offers info into both the deployment status, and overall health of Defender for Identity agents across the environment but also sheds some light into available licenses for Defender for Identity and Entra ID Protection.
For more information about this page and the available widgets, see the documentation here.
2. Health Issues
The existing “Health issues” page from “Settings” has now been elevated to its own standalone page within the identities tab. Here customers can find a deeper view into the deployment health of their Defender for Identity sensors and see any current issues and recommend fixes to help optimize their Defender for Identity protections.
This page provides links to helpful resources relating to Defender for Identity and ITDR. Here customers can find links to documentation and other resources like our capacity sizing tool and readiness script to help them better prepare and maintain their infrastructure and protections.
To conclude I want to again thank our dedicated customers, our teams mission is to improving the protections Defender for Identity provides and we could not do that without your continued support, suggestions, and feedback.