What’s Microsoft Defender for Identity?

John Gruber
Published in GitBit
9 min read · Aug 17, 2022

Microsoft Defender for Identity is designed to protect your on-premises Active Directory (AD) and Active Directory Federation Services (AD FS). Microsoft Defender for Identity can perform the following:

  • Monitor user and entity behavior/activities with intelligent analytics.
  • Protect user identities and reduce the attack surface.
  • Identify and investigate suspicious user activities to find advanced attacks throughout your environment.
  • Use the Microsoft 365 portal to monitor, investigate, and respond to alerts and user activity.

How does Microsoft Defender for Identity work?

Microsoft Defender for Identity monitors your domain controllers’ network traffic and event logs. It then uses this information to detect attacks and threats. Microsoft Defender for Identity gathers the information and analyzes it based on user and device behavior. But what’s the flow?

In short, you install a sensor on your AD FS servers and domain controllers. The sensor sends the network traffic, Windows events, and traces back to Microsoft Defender for Identity, which runs in the Microsoft 365 cloud. Microsoft Defender for Identity then sends the information to the Microsoft Defender for Cloud Apps portal, which shows you the activities and alerts.
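Because detection depends on a sensor running on every domain controller and AD FS server, a coverage check is worth having. The script below is an added example, not part of the original article or Microsoft's tooling. It assumes the RSAT ActiveDirectory module, CIM/WinRM access to each server, and that the sensor's Windows service is named `AATPSensor`; the function name `Get-MdiSensorCoverage` and the AD FS host name are hypothetical.

```powershell
# Added example: report which servers have a running Defender for Identity sensor.
# Assumption: the sensor's Windows service is named 'AATPSensor'.
Import-Module ActiveDirectory

function Get-MdiSensorCoverage {
    param(
        # Defaults to every domain controller in the current domain.
        [string[]]$ComputerName = (Get-ADDomainController -Filter *).HostName,
        [string]$ServiceName = 'AATPSensor'
    )
    foreach ($computer in $ComputerName) {
        $status = 'Unreachable'
        $startMode = $null
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
                -Filter "Name='$ServiceName'" -ErrorAction Stop
            if ($null -eq $svc) {
                # Host answered but has no sensor service: a monitoring blind spot.
                $status = 'NotInstalled'
            } else {
                $status = $svc.State          # e.g. Running, Stopped
                $startMode = $svc.StartMode   # e.g. Auto, Manual, Disabled
            }
        } catch {
            # Connection or permission failure; treat as not covered.
            $status = 'Unreachable'
        }
        [pscustomobject]@{
            Computer  = $computer
            Sensor    = $status
            StartMode = $startMode
            Covered   = ($status -eq 'Running')
        }
    }
}

# AD FS servers are not enumerable through AD cmdlets, so add them by name
# (hypothetical host shown), for example:
#   Get-MdiSensorCoverage -ComputerName ((Get-ADDomainController -Filter *).HostName + 'adfs01.example.test')
$report = @(Get-MdiSensorCoverage)
$report | Sort-Object Covered, Computer | Format-Table -AutoSize

$gaps = @($report | Where-Object { -not $_.Covered })
if ($gaps.Count -gt 0) {
    Write-Warning ("{0} of {1} servers have no running sensor" -f $gaps.Count, $report.Count)
}
```

A server reported as `NotInstalled`, `Stopped`, or `Unreachable` is one whose traffic and events are not reaching Defender for Identity.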

But don’t worry. Microsoft won’t use your data for advertising or anything else other than providing you the defense your
