Microsoft Defender for Identityuses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organizations. Defender for Identity monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user that is then used to identify anomalies using built-in AI.
Many of these capabilities help to address Cybersecurity Maturity Model Certification (CMMC) requirements across several Domains. For example Audit and Accountability (AU) 3.051 states DIB suppliers must "Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious or unusual activity." The insights provided by Microsoft Defender for Identity can help administrators identify suspicious activities and reveal advanced threats, compromised users, and insider threats. Defender for Identity also provides security reports and analytics to help quickly identify and assess paths of attack inside your organization.
With Microsoft Defender for Identity and the integration of Azure AD Identity Protection and Cloud App Security, monitoring and alerting can be applied for identities that span both on premises and in the cloud. Learn how Microsoft Defender for Identity uses adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization. All of this and more can assist in meeting CMMC and DFARS requirements tied to NIST 800-171 / 53.
In this video famed Microsoft Security Architect and speaker @Matt Soseman (aka.ms/SosemanTV - 6K+ Subscribers) provides this excellent introduction to Microsoft Defender for Identity and how it addresses several key Practices and Domains within #CMMC.