Skip to the content.
Microsoft Azure Fundamentals
Microsoft Defender for Identity
- Formerly Azure Advanced Threat Protection (ATP)
- Cloud-based security solution that identifies, detects, helps you investigate threats.
- Capable of detecting known malicious attacks and techniques, security issues such as compromised identities, and risks/threats against your network.
- Can be integrated with on-premises Microsoft Defender ATP
Microsoft Defender for Identity components
Microsoft Defender for Identity portal
- Own portal at portal.atp.azure.com
- ❗ User accounts must be assigned to an Azure AD security group that has access to the Azure ATP portal to be able to sign in.
- Through it you can monitor and respond to suspicious activity.
- Allows you to create your Azure ATP instance, and view the data received from Azure ATP sensors.
- Monitor, manage, and investigate threats in your network environment.
Microsoft Defender for Identity sensor
- Sensors are installed directly on your domain controllers.
- 📝 Monitors domain controller traffic without requiring a dedicated server or configuring port mirroring.
Microsoft Defender for Identity cloud service
- Runs on Azure infrastructure
- Deployed in the United States, Europe, and Asia.
- Connected to Microsoft Intelligent Security Graph
- Threats signals are seamlessly shared across all the services in Microsoft 365 Defender, 6.5 trillion signals daily.
- Microsoft 365 Defender
- Formerly known as Microsoft Threat Protection
- Consists of different Azure security services
- E.g. Office ATP, Microsoft Defender ATP, SmartScreen, Exchange Online Protection (EOP)
- Provides comprehensive security across multiple attack vectors.
- Allows you to use Microsoft Graph Security API
- Connects Microsoft security products, services, and partners
- Can be used to
- streamline security operations
- improve threat protection, detection, and response capabilities.