Unit 8: Microsoft Defender for Identity
What Defender for Identity Does
Defender for Identity protects on-premises Active Directory.
It detects:
- Credential theft.
- Lateral movement.
- Privilege escalation.
- Insider threats.
Defender for Identity Components
- Defender for Identity portal.
- Sensors installed on domain controllers or AD FS.
- Cloud service connected to Microsoft security graph.
Defender for Identity bridges on-prem AD security with cloud identity protection.
Exam Retention Summary
Identity Protection is:
- Detection and investigation focused.
- Risk-driven and intelligence-based.
- Automated when paired with Conditional Access.
Key exam facts:
- Requires Entra ID Premium P2.
- Supports sign-in risk and user risk policies.
- Enables self-remediation.
- Extends to workload identities.
- Integrates with Defender and Conditional Access.