Microsoft Defender for Identity is focused on protecting on-premises identities and allowing security analysts to pinpoint vulnerabilities before an attack can occur. A key feature that allows analysts to achieve this is by viewing the evidence relates to lateral movement paths in Defender for Identity. This information is provided through a visual guide that break downs the possible ways an advisory can move throughout an organization by compromising credentials.
A lateral movement occurs when an attacker begins to use non-sensitive accounts to gain access to sensitive entities - think a domain admin or a server containing sensitive information. If an attacker is successful in compromising sensitive entities, they can traverse the environment and eventually gain domain dominance.
To learn more about the different techniques attackers use to move laterally and how you can remediate these vulnerabilities, watch the video below.
The lateral movement paths view can be found in each individual's user page, available in the Microsoft 365 security center. You can also query information relating to lateral movement paths using Microsoft 365 Defender's advanced hunting function. More information on advanced hunting can be found on this docs page.