Event banner
Event details
94 Comments
- Trevor_Rusher
Community Manager
Thank you for joining our AMA today! We appreciate all the great questions and hope you learned something new! I'll be locking this event to new questions and sharing a summary of the questions and answers in this space in a bit. If you have any more comments/questions, we regularly engage on the Defender for Identity Discussion Space here: Microsoft Defender for Identity Tech Community.
Stay tuned for our next AMA with Microsoft Entra Permissions Management in a few weeks!
- Any new Assessments/Reports in Identity Security Posture in MDCA/MCAS going to be added? Also, will the Identity Security Posture blade be moving to M365 Defender?
Or TsemahMicrosoft
Yes, you can find them under Microsoft Secure Score, we’ve even recently published a new one regarding unsecure domain configurations, you can read about it here: New identity security posture assessment: Unsecure domain configurations - Microsoft Tech Community
- ATP portal provides a view of activities for devices, as far as I know Microsoft 365 Defender doesn't have that. Is there a plan to provide that kind of view in M365 Defender portal.
Daniel NaimDevice page in M365D should contain activities from both MDE (if you have it) and MDI.- Not exactly or I am missing something. For instance if you check a domain contoller in MDI console you see all kind of directory events, credential validations, logons etc. But on MDE you do not have that for the same device.
- What kind of MDI uptake/deployment is there for orgs that have E5. General idea about approximate percentage of orgs that have it but don't use it would be good to know.
- Ricky SimpsonInformation of this nature is typically released when Microsoft publicly discloses earnings. Any information beyond that is not something we can disclose.
In a previous Techcommunity post about Action Accounts and Response Actions, it mentions future functionality with "On-premises MFA". Any news that can be shared about that?
YaronParyantyWe are working on an integration with a partner to provide an "on-premises MFA” solution. Will be happy to schedule a session to present this direction and further discuss this
- are there any plans to provide MDI in a lower level licensing sku?
- Ricky SimpsonThere are no plans to share around this Dean. MDI will continue to be offered in the SKUs that it's available in.
- We see a lot of alerts with an actor......how can we figured out who or what is the actor.....shouldn't be there something like entity mapping f.e user, host or IP
- LiorShapiraSome of the network-based alerts don’t provide us with the actor because they only contain the IP from where the traffic was coming from but not the user. We are looking at ways to correlate events on the DC, but this doesn’t always present. If you have MDE, you can try using advanced hunting to correlate the endpoint data. In addition, you can investigate on the device page and make the correlation.
- What new or recent features or updates are in the pipeline that you'd like to draw our attention to?
- Ricky SimpsonWe’ve released some amazing new features recently, such as same day response to vulnerability disclosures, MDI response capabilities directly to on-premises Active Directory, and the inclusion of a new posture assessment that looks for values or settings that could be leaving the door wide open for attackers. We’re going to schedule a roadmap session for our Tech Community soon to share what we have planned for our next wave of releases. We’ll post about this in aka.ms/securitywebinars once we get it scheduled. Look for it sometime in July.
- Please share what's new link for MDI.
- When the 3 RBAC groups for MDI will be incorporated in RBAC within M365 Defender?
- Or TsemahWe will be starting a preview program soon regarding new granular RBAC controls for Defender for Identity as with the other defender workloads, replacing the need to set these roles in Azure AD groups.
- License question: do I need only 1 EMS E5 to get Defender for Identity enabled for whole AD via connector, or I have to get E5 for all users ?
- Ricky Simpson
To be fully compliant with licensing, you need a Defender for Identity license for each human being protected in the environment. This could be with an M365 E5 license, M365 E5 Security license, or standalone Defender for Identity license.
Yes, you could set up an entire organization with a single E5 license, but you would not be compliant, and this is not something I would recommend.
