Microsoft Defender for Identity

Protect your on-premises identities with cloud-powered intelligence.

Manage identity risks

Use Microsoft Defender for Identity to help security operations teams protect on-premises identities and correlate signals with Microsoft 365.

Reduce attack surface

Understand your risk posture to proactively minimize exposure to attacks.

Detect in real time

Be alerted to suspicious activities, compromised users, and lateral movement throughout your organization.

Investigate threats

Correlate identity alerts with incidents in Microsoft 365 Defender, giving security teams important context when investigating threats.

Respond to threats comprehensively

Take immediate action on a compromised identity or use custom detection rules to automate a response that suits your organization’s needs.

See how Defender for Identity helps protect organizations against identity-based threats across the entire attack lifecycle.

Capabilities

Get cloud-powered insights and intelligence at each stage of the attack lifecycle with Microsoft Defender for Identity, and secure your identity infrastructure.

Identity security posture assessment output within the console

Bolster your defenses with identity posture assessments

Help security operations teams identify configuration vulnerabilities and get recommendations for resolving them. Identity security posture assessments are displayed in Microsoft Secure Score for increased visibility.

Examples of alerts that Microsoft Defender for Identity can generate

Get industry-leading detections spanning the attack lifecycle

Identify threats quickly and accurately with real-time analytics and data intelligence using sources like Event Tracing for Windows, configuration data from Azure Active Directory, audit events, and network traffic—all mapped to MITRE ATT&CK techniques.

A dashboard assessing alerts and risky activities with an Investigation priority score of 40.

Highlight the identities most at risk

Prioritize the riskiest users in your organization. Combine insights from on-premises and cloud identities to get a user investigation priority score based on observed behavior and number of prior incidents.

The configuration of an action account, which is used to perform actions on Active Directory users, such as disabling a user and resetting a password.

Immediately respond to compromised users

Immediately restrict identities confirmed as compromised so they can’t persist in your organization or be further exploited.

Integrated threat protection with SIEM and XDR

Microsoft empowers your organization’s defenders by putting the right tools and intelligence in the hands of the right people. Combine security information and event management (SIEM) and extended detection and response (XDR) to increase efficiency and effectiveness while securing your digital estate.

Microsoft 365 Defender
Prevent and detect attacks across your Microsoft 365 workloads with built-in XDR capabilities.

The homepage in Microsoft 365 Defender showing active threats, active incidents, users at risk and more.

See what our customers are saying

When Siemens pivoted to a cloud-first approach, it turned to Microsoft Security solutions as the base for its Zero Trust posture and implemented a range of security solutions, including Microsoft Defender for Identity, to create the blueprint for ongoing, dynamic security enhancements.

Heineken turned to Microsoft Security solutions to blend security with the agility it needs to brew a better world—and a brighter future.

Related products

Use best-in-class Microsoft security products to prevent and detect attacks across your Microsoft 365 workloads.
