microsoft defender for identity

241 Topics

The Microsoft Cloud App Security (MCAS) Ninja Training (March 2021 Update)
We’ve updated the MCAS Ninja Training since this post was published. For the latest version of the training, visit Microsoft Cloud App Security (MCAS) Ninja Training | September 2021 - Microsoft Tech Community.
Sarahzin_Shane
Nov 11, 2020 Place Microsoft Security Community Blog
225KViews
24likes
25Comments
Microsoft Defender for Identity Ninja Training
Microsoft Defender for Identity identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions directed at your organization. Dig in to the features, detentions, and functions of Microsoft Defender for Identity.
BrandonLawson
Feb 24, 2021 Place Microsoft Security Community Blog
144KViews
30likes
30Comments
End of mainstream support for Advanced Threat Analytics January 2021
A single compromised user or malicious insider can compromise an entire organization – which is why we’re always looking for the best way to protect identity environments.
Ricky Simpson
Jul 22, 2020 Place Microsoft Security Community Blog
107KViews
11likes
26Comments
SAM Name impersonation
During the November security update cycle, Microsoft released a patch for two new vulnerabilities, CVE-2021-42287 and CVE-2021-42278. Both vulnerabilities are described as a ‘Windows Active Directory domain service privilege escalation vulnerability'.
Daniel Naim
Dec 20, 2021 Place Microsoft Security Community Blog
90KViews
2likes
8Comments
Updating best practices for Domain Controllers
Customers are on a journey and hybrid identity environments will be an important state for many customers for a long time. Domain Controllers still act as a pivotal piece of infrastructure for many organizations, and the identities that Active Directory holds are often the target for attackers.
Ricky Simpson
Apr 13, 2022 Place Microsoft Security Community Blog
74KViews
16likes
4Comments
Introducing Investigation Priority built on User and Entity Behavior Analytics
Enterprise security operations (SecOps) often have limited resources and staff, and security analysts face evolving, more sophisticated attack methods. Many of the newest tools and vulnerabilities can often go undetected without the right tools. Today, Microsoft is expanding the preview of the Unified SecOps Experience which includes the new Investigation Priority.
Jason Wilson
Mar 06, 2019 Place Microsoft Security Community Blog
58KViews
1like
5Comments
Unified SecOps Investigation for Hybrid Environments
With 81 percent of security breaches caused by compromised user credentials, identity security is paramount for all organizations. Enterprise security operations (SecOps) analysts face an increasing volume and velocity of alerts and incidents across an ever-expanding surface area from on-premises to the cloud.
Jason Wilson
Mar 06, 2019 Place Microsoft Security Community Blog
54KViews
3likes
3Comments
Deceptive defense: best practices for identity based honeytokens in Microsoft Defender for Identity
Honeytokens are a great tool for defenders to augment their security posture with traps hidden within their digital environments. Learn some best practices for the tactics, locations and types of Honeytokens to use with Microsoft Defender for Identity.
Nathan Swift
Jul 06, 2023 Place Microsoft Defender XDR Blog
54KViews
12likes
0Comments
ZeroLogon is now detected by Microsoft Defender for Identity (CVE-2020-1472 exploitation)
We know that all of you have been intrigued about the recently patched CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability, widely known as ZeroLogon. While we strongly recommend that you deploy the latest security updates to your servers and devices, we also want to provide you with the best detection coverage possible for your domain controllers. Microsoft Defender for Identity (previously Azure Advanced Threat Protection) along with other Microsoft 365 Defender (previously Microsoft Threat Protection) solutions detect adversaries as they try to exploit this vulnerability against your domain controllers.
Daniel Naim
Oct 01, 2020 Place Microsoft Defender XDR Blog
53KViews
7likes
9Comments
Detecting LDAP based Kerberoasting with Azure ATP
In a Kerberoasting attack, LDAP vulnerabilities are exploited to generate a list of accounts with a Kerberos Service Principal Name available. Learn how Azure ATP can help.
Tal Maor
Apr 17, 2019 Place Microsoft Security Community Blog
50KViews
3likes
3Comments