Introducing the new PowerShell Module for Microsoft Defender for Identity
Today, I am excited to introduce a new PowerShell module designed to help further simplify the deployment and configuration of Microsoft Defender for Identity. This tool will make it easier than ever to protect your organization from identity-based cyber-threats.Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.
Expanding the Identity perimeter: the rise of non-human identities
Expanding the Identity perimeter With the rise of cloud applications and AI, machine-to-machine access and authentication has become even more prevalent. From automating workflows, integrating applications, managing cloud services and even powering AI agents, non-human identity (NHI) has become vital to modern work. These digital constructs come in many different varieties, each with their own unique characteristics, but because they are foundational elements of many critical business processes, they represent a prime target for cyber-criminals. Not only do NHI greatly outnumber their human counterparts but they are also often highly privileged, eliminating the need for the attacker to elevate this status themselves. AI agents are expected to drive even faster growth machine identities. Copilot Studio alone has more than 230,000 organizations — including 90% of the Fortune 500- already using it to build AI agents and automations. What are non-human Identities? Non-human identities or machine identities like service accounts in Active Directory, Entra registered service principals and third-party OAuth apps, cloud workload identities, AI agents and Secrets each have their own unique roles, responsibilities and vulnerabilities. Despite their importance, there is no team dedicated to securing them holistically, leading to a lack of: Visibility: Different teams are often responsible for the creation of the various types of NHI. Due to this, organizations are often blind to what accounts exist, where, and who owns them. Governance and Management: Limited policies and regulations on how these accounts should be set up, used and managed can create situations where accounts are overprivileged or shared across multiple applications and even where their credentials are stored in plain text or their passwords become stale and susceptible to exploitation. Gaps like these in policy and the lifecycle management of NHI expose organizations to increased risk. Protection: Without dedicated security controls, non-human identities (NHIs) are often left exposed to threats such as credential theft, misuse, or unauthorized access. Many of these identities operate with elevated privileges, making them attractive targets for attackers. A lack of consistent monitoring, anomaly detection, and automated response mechanisms further increases the risk. Effective protection requires implementing least privilege access, rotating credentials regularly, encrypting secrets, and integrating NHIs into a broader identity threat detection and response strategy. How can Microsoft help protect your NHI? While NHIs are a recent term, they have been a critical focus area within Microsoft Security for a long time. Today, Microsoft Security delivers an end-to-end solution for monitoring, securing, and managing non-human identities across their entire lifecycle. Organizations benefit from a comprehensive set of unified capabilities, including: Full-spectrum discovery and visibility: Identify all non-human identities and secrets - including service principals, tokens, keys, and application credentials, across hybrid and multi-cloud environments. Enrichment and risk analysis: Gain deep insights into each identity’s privileges, activity patterns, ownership, and authentication methods to prioritize risks and streamline remediation. Secrets management: Detect secrets in insecure or inappropriate locations, validate their usage, and provide actionable recommendations for protection and remediation. Lifecycle and access governance: Monitor for stale or orphaned accounts, govern OAuth enabled and third-party connections, enforce credential rotation, manage ownership transfer, and ensure secure decommissioning of machine identities. Threat detection and response: Get alerts on suspicious activity or policy deviations, such as unusual privilege escalation, excessive app permissions, or risky machine-to-machine communications. Together, these integrated capabilities empower organizations to proactively identify and mitigate NHI risks, reduce attack surfaces, and strengthen access controls, no matter where identities live or how fast they change. Microsoft brings these protections together, so you can secure every identity -– human and non-human -– across your digital estate. For example, automatic classification rules help organizations quickly find and secure Service Accounts within their organization. 1: Service Account classification capabilities from Defender for Identity And the Microsoft's "Attack Paths" capabilities allow users to see all their NHIs, their connections, associated risks and context, as well as potential lateral movement paths. 2: Attack path mapping in Microsoft Defender illustrates a scenario where a resource contains a service principal certificate that can authenticate asa service principal with permissions to a sensitive database. This represents a risky lateral movement path — one that is now visible and can be proactively secured. What does this mean for you? Non-human identities (NHI) have become a critical yet overlooked component of modern security practices. While each type of NHI poses distinct challenges, they are tightly interconnected and require expertise across the security landscape. This is what makes Microsoft such a powerful partner. Our leadership in identity, security and now AI make us uniquely qualified to help your organization, and your machine identities, stay protected against threats. Our unified approach: consolidating visibility, control, and protection across AI, cloud, apps, data, devices and identities helps comprehensively secure all NHI and your organization. And this is only the beginning. Our team is already hard at work building the cohesive, intelligent defense layer our customers will need to remain protected today and, in the future, including leveraging our leadership in AI to help our customers secure their organizations, and their AI agents, against attacks.Detecting browser anomalies to disrupt attacks early
Uncover the secrets of early attack disruption with browser anomaly detections! This blog post explores how Microsoft Defender XDR leverages advanced techniques to identify unusual browser activities and stop cyber threats in their tracks. Learn about the importance of monitoring unusual browser activities, session hijacking, Business Email Compromise (BEC), and other critical attack paths. With real-world examples and insights into the systematic approach used by Defender XDR, you'll gain a deeper understanding of how to enhance your organization's security posture. Don't miss out on this essential read for staying ahead of cyber threats!Monthly news - August 2024
Microsoft Defender XDR Monthly news August 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from July 2024.
