Forum Discussion
Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response
For this episode, your opportunity to win a plush ninja cat is the following –
Our season finishes here! After learning about this last topic, tell us your thoughts on the Microsoft 365 Defender approach to ITDR.
This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.
- JamieLiu5005 (Brass Contributor)
Thank you, Heike, your team, and all speakers for the amazing Ninja training! Looking forward to the next season!
- juliebiggs (Copper Contributor)
Great episode and a lot of food for thought. I love the unified approach of Defender's ITDR, combining information from all of the Defender components to provide extended detection and response across domains. It makes my job much easier!
- iliaswhoelse (Copper Contributor)
I want to reach out and express my gratitude for the Virtual Ninja Training. The shared insights and expertise in the different areas of Microsoft products have been incredibly valuable to me and I'm sure to many others who watched the training.
I believe that the Microsoft 365 Defender approach to ITDR is comprehensive and proactive, providing organizations with the tools they need to protect against a range of identity-related attacks. The solution's focus on identity protection is especially critical given the increasing prevalence of identity theft and fraud in today's digital landscape.
- MSTechie (Microsoft)
My favourite quote of the session was "securing identities is a team sport", I love how Microsoft is encouraging organisations to ensure the identity team and SOC team work together as one to protect their environments better and protect identities wherever they are and providing protection across different identity providers.
- kgs0-0 (Copper Contributor)
Great show, cannot wait for Season 4!
In terms of M365 Defender approach to ITDR:
The whole Defender 365 solution in terms of identity investigation is evolving so fast that it only makes me smile. (Talking from the SOC Operative perspective). Although I have noticed that sometimes metrics such as “Investigation Priority” are not accurate and seem like a guessing game, as for some users “High Priority” is not justified, as from the investigation no abnormal behaviour was noticed.
Apart from that, great feature 🙂
Another feature that “brings joy” is the merge of response actions that blue teamers can do from the identity tab in Defender. Marking the user as Compromised instead of rushing to the Identity Protection - Cool!
Forcing User Password Reset instead of rushing to AAD - Cool!
Disabling user account and banishing them to shadow realm - Super Cool! 😄
Waiting for new stuff to come!
- Peter_Knies (Copper Contributor)
I find it great that all the information about a user is summarized in a management console. All the identities in one console and with the Secure Score I can find exactly the candidates that I need to look at more closely and here you can also dig deeper and have all the information together. My Security Engineer will like it so much
- NinjaCatFan (Copper Contributor)
HeikeRitter thank you and the Defender Tech Community team for the past season of the Ninja Cat Show! It has been a thrill to watch it.
My thoughts on the Defender's ITDR approach from an operator standpoint are how simple it is to first set up for the whole organization and gain valuable insight into the identity risk brought by either a rogue user or stolen credentials. ITDR enriches the identity data in an abnormal situation involving any sort of identity, no matter if it's an actual user, shared mailbox, service account or anything else in cloud, on-prem or external. Risk scores are also a very nice way to display how the user is regularly acting and if there is some big variance all of a sudden.
- RobYoung (Iron Contributor)
Microsoft has done a great job with ITDR in Defender. I have been using these tools to identify possible threats within our environment and with its tight integration with our IMS, it makes filtering out possible false positives easy so I can focus more on the alerts that need attention.
- ruudolfs (Copper Contributor)
Thank you for the session! What I particularly love is recognizing that ITDR is a team sport. Generally speaking, I have seen lots of fragmentation, where one team has no idea what the other one is doing. Especially where there are tools or services that are used within one team in the company, and broadly speaking IT would have no idea about it. Seeing lots of different apps and identity providers listed in the demo was great.
Teaming up and sharing relevant information - that is a real force multiplier and enables everyone to be more effective!
- Douglas_Young (Copper Contributor)
HeikeRitter I really like the ITDR. It's nice to have a place to look at all the logins, the risk score, and why they scored high. If you do spot a true positive risk for a user you need to be able to quickly disable their AD account and you can do it within a few clicks, it really makes the ITDR portal of great value. Thanks for the great info!