Identity in focus: Exploring the new ITDR experience within Microsoft Defender
Published Jan 12 2024 01:28 PM
Microsoft

Earlier this year I shared the news that the features and functionality of Microsoft Defender for Identity had been converged into Microsoft Defender XDR and were now a core part of that experience. Today I am excited to discuss some new enhancements to how our customers can find and engage with their Identity security capabilities.  

 

New navigation

Identities have become an inherent part of modern security, and the latest update to the Microsoft Defender XDR navigation further elevates Identity security within the SOC experience with a new dedicated section for the domain. As illustrated in the image below, Defender for Identity customers will now see a section titled “Identities”, which today encapsulates 3 new Identity-specific pages or views.

 

1. ITDR Dashboard

 

image (1).png

 

The new ITDR dashboard is designed to provide SOC professionals with a single, prioritized view of Identity-specific security information and recommendations. Pulling relevant alerts and insights from across their identity footprint, this pane helps SOC teams better understand their identity posture and quickly manage potential identity-related security risks.

 

The page itself is broken down into 3 main areas. At the top, users benefit from a visual representation of their unique identity landscape, breaking down the number and location of corporate identities across Entra ID, on-premises Active Directory and hybrid identities.

 

Just below this area is a section dedicated to critical recommended actions. Here users will see important steps they should take immediately to minimize risks, such as eliminating lateral movement paths and removing dormant accounts from sensitive groups.

 

The bottom section of the page consists of different cards, each offering security professionals a focused view into a specific element of their ITDR practice. These widgets offer identity-specific filters of broader security capabilities and serve as a jumping-off point into other areas of the Defender XDR portal. For example, the “identity posture” card surfaces the Identity recommendations within Secure Score, and the "Identity-Related Incidents" card highlights security incidents with identity elements or alerts. There are also some exciting new features available through these cards, like the “highly privileged identities” widget, which summarizes sensitive accounts within the environment, including Entra ID security administrators and global admin users. This consolidated view will give SOC teams additional insight to implement more targeted and effective management strategies, helping enhance the organization's overall security posture. Similarly, the “deployment health” card offers info into both the deployment status and the overall health of Defender for Identity agents across the environment, and also sheds some light on available licenses for Defender for Identity and Entra ID Protection.

For more information about this page and the available widgets, see the documentation here

 

2. Health Issues

The existing “Health issues” page from “Settings” has now been elevated to its own standalone page within the identities tab. Here customers can find a deeper view into the deployment health of their Defender for Identity sensors and see any current issues and recommended fixes to help optimize their Defender for Identity protections.

For more information, see Microsoft Defender for Identity health alerts.

 

3. Tools

 


This page provides links to helpful resources relating to Defender for Identity and ITDR. Here customers can find links to documentation and other resources like our capacity sizing tool and readiness script to help them better prepare and maintain their infrastructure and protections.  

 

Check out our updated documentation to learn more about these new updates and follow the What’s New page to keep up with the coming enhancements and new widgets the team is working on. 

 

To conclude, I want to again thank our dedicated customers. Our team's mission is to improve the protections Defender for Identity provides, and we could not do that without your continued support, suggestions, and feedback.
