This is the Trace Id: d55f73a1ee14477bf4b3d249b28bdbd2
Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Identity threat detection and response (ITDR)

Get comprehensive protection for all of your identities and identity infrastructure.

Watch the video
A person using a laptop in a dark room

Develop an effective ITDR strategy

Learn how to protect your organization from identity threats with conditional access policies, comprehensive threat intelligence, and automated response.

Read the blog

Streamline your identity protection

Reinforce your security boundary with complete, consistent protection and effective access management across your entire identity landscape.

Secure adaptive access

Prevent identity attacks before they happen with a modern identity and access management solution designed for today’s organizations.

Threat level intelligence

Reduce the time it takes to identify and respond to cyberthreats by combining information from all identity sources into a single view, with valuable insights.

Automated cyberattack disruption

Quickly stop identity attacks and lateral movement with automated disruption capabilities built into the Microsoft extended detection and response (XDR) platform.

Protect hybrid identity environments

Close gaps and deliver consistent protection for human and non-human identities and identity infrastructure—on-premises or in the cloud.

Unify identity protection and security

Enable near-real-time response with shared tools, rich reporting, and forensics that help identity admins and security operation centers (SOCs) effectively work together to stop cyberattacks.

Make in-the-moment conditional access decisions

Establish a baseline for standard user behavior and spot deviations from the norm with user and entity behavior analytics (UEBA). Analyze potential risks and apply adaptive access policies with AI.

Gain visibility and insight into identity signals

Correlate identity alerts with signals across endpoints, email, collaboration tools, and cloud apps to provide a complete view of the cyberattack chain. Make prioritization and remediation easier with incident-level response.

Automate security response and remediation

Detect and disrupt in-progress cyberattacks automatically based on highly accurate intelligence correlated from a broad range of signals. Reduce the total cost of a cyberattack by limiting compromise and getting people back to work quickly.

Break down existing security silos

Redefine how identity and security teams work together to protect identities.

A diagram on breaking down existing security silos
More about the diagram

Build your ITDR solution

Get powerful protection and visibility across all your identities with products that are designed to work together.

Microsoft Entra ID Microsoft Entra ID Protection Microsoft Defender for Identity Microsoft Defender XDR
People in a conference room in a video meeting with people seated around a table in another room

Microsoft Entra ID

Safeguard your organization with a cloud identity and access management solution that connects people to their apps, devices, and data.

Learn more
A person working on a laptop

Microsoft Entra ID Protection

Automatically detect and prevent identity compromise with advanced machine learning and automation.

Learn more
A person working on a laptop displaying Outlook that is connected to two desktop monitors displaying data

Microsoft Defender for Identity

Safeguard your identity landscape with comprehensive detections and intelligent automation.

Learn more
A disabled person smiling and using a laptop

Microsoft Defender XDR

Build unified security across your multiplatform endpoints, hybrid identities, emails, and cloud apps.

Learn more
Back to tabs

Additional resources

Get five tips for securing identity and access

Protect your organization from the latest identity threats with effective and cost-saving recommendations.

Read more

Stay ahead of the latest identity security trends

Learn about emerging identity threats and get best practices for protecting your organization.

Read more

Defending Identity Systems with ITDR

Watch the second episode of The Defender’s Watch to learn how to use ITDR solutions to get ahead of ever-evolving identity attacks.

Watch now

Reduce your risk with adaptive access policies

Learn how to apply adaptive access policies at your organization with this technical deep dive.

Read more

Get actionable threat intelligence

Explore how to use threat intelligence to help prevent identity compromise.

Read the blog

Frequently asked questions

  • ITDR stands for identity threat detection and response. This emerging security focus area encompasses solutions designed to help prevent, detect, and respond to increasingly popular identity-related threats. Many identity attacks start when cybercriminals compromise credentials, typically through phishing or other social engineering strategies, but more recently sophisticated cyberattackers have begun targeting the underlying identity infrastructure to exploit vulnerabilities in identity posture. Modern SOC teams are putting increased focus on their identity protection strategy and looking to better correlate their identity signals within their XDR platform for greater visibility into emerging cyberthreats.

  • ITDR security is the processes, products, and solutions required to protect identities. After setting a baseline for normal user behavior with UEBA, ITDR solutions use AI to monitor user activity and uncover deviations from the norm. When a cyberthreat is detected, organizations use automation, predefined workbooks, and prioritized alerts to stop the cyberattack as quickly as possible. It’s important for organizations to continuously reevaluate and update their identity security posture to stay ahead of the emerging cyberthreats.

Protect everything

Make your future more secure. Explore your security options today.

Contact Sales Start free trial

Follow Microsoft Security

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store Support Returns Order tracking Microsoft Store Promise Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education Office Education Educator training and development Deals for students and parents Azure for students
Microsoft AI Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Advertising Microsoft 365 Copilot Microsoft Teams Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Microsoft Power Platform Marketplace Rewards Visual Studio Careers Company news Privacy at Microsoft Investors Sustainability
English (New Zealand)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Contact Microsoft Privacy Manage cookies Terms of use Trademarks About our ads