Forum Discussion
HeikeRitter
Mar 30, 2023 | Microsoft
Ninja Cat Giveaway: Episode 10 | Identity Threat Detection and Response
For this episode, your opportunity to win a plush ninja cat is the following –
Our season finishes here! After learning about this last topic, tell us your thoughts on the Microsoft 365 Defender ap...
- Apr 03, 2023: My favourite quote of the session was "securing identities is a team sport". I love how Microsoft is encouraging organisations to ensure the identity team and SOC team work together as one to protect their environments better and protect identities wherever they are, and providing protection across different identity providers.
kgs0-0
Apr 04, 2023 | Copper Contributor
Great show, cannot wait for Season 4!
In terms of M365 Defender approach to ITDR:
The whole Defender 365 solution in terms of identity investigation is evolving so fast that it only makes me smile. (Talking from the SOC Operative perspective.) Although I have noticed that sometimes the metrics, such as “Investigation Priority”, are not accurate and seem like a guessing game, as for some users “High Priority” is not justified, as from the investigation no abnormal behaviour was noticed.
Apart from that, great feature 🙂
Another feature that “brings joy” is the merge of response actions that blue teamers can do from the identity tab in Defender. Marking the user as Compromised instead of rushing to Identity Protection - Cool!
Forcing User Password Reset instead of rushing to AAD - Cool!
Disabling the user account and banishing them to the shadow realm - Super Cool! 😄
Waiting for new stuff to come!