Skip to main content
Microsoft Security
Sign in

Microsoft Defender for Identity

Protect your on-premises identities with cloud-powered intelligence.

Try for free Contact Sales
People working in the Microsoft Security Response Center, looking at information on large desktop monitors.

Identity protection and security

Use Defender for Identity to help security operations teams manage identity risk and correlate signals with Microsoft 365.

Reduce attack surface

Understand your risk posture to proactively minimize exposure to attacks.

Detect in real time

Be alerted to suspicious activities, compromised identities, and lateral movement throughout your organization.

Investigate threats

Correlate identity alerts with incidents in Microsoft 365 Defender, giving security teams important context when investigating threats.

Respond to threats comprehensively

Take immediate action on a compromised identity or use custom detection rules to automate a response that suits your organization’s needs.

Watch the video

See how Defender for Identity helps protect organizations against identity-based threats across the entire attack lifecycle.

Capabilities

Get cloud-powered insights and intelligence in each stage of the attack lifecycle with Defender for Identity and help secure your identity infrastructure.

Bolster your defenses with identity posture assessments Get industry-leading detections spanning the attack lifecycle Highlight the identities most at risk Immediately respond to compromised identities
Identity security posture assessment output within the console

Bolster your defenses with identity posture assessments

Help security operations teams identify configuration vulnerabilities and get recommendations for resolving them. Identity security posture assessments are displayed in Microsoft Secure Score for increased visibility.

Learn more
Examples of alerts that Microsoft Defender for Identity can generate

Get industry-leading detections spanning the attack lifecycle

Identify threats quickly and accurately with real-time analytics and data intelligence. Use sources such as event tracing for Windows, configuration data from Microsoft Entra ID, audit events, and network traffic—all mapped to MITRE ATT&CK techniques.

Learn more
A dashboard assessing alerts and risky activities with an Investigation priority score of 40.

Highlight the identities most at risk

Prioritize the riskiest users in your organization. Combine insights from on-premises and cloud identities to get a user investigation priority score based on observed behavior and number of prior incidents.

Learn more
The configuration of an action account, which is used to perform actions on Active Directory users, such as disabling a user and resetting a password.

Immediately respond to compromised identities

Immediately restrict identities confirmed as compromised so they can’t persist in your organization or be further exploited.

Learn more
Back to Tabs

Integrated threat protection with SIEM and XDR

Empower your defenders to effectively secure your digital estate by combining extended detection and response (XDR) and security information and event management (SIEM).

Microsoft 365 Defender Microsoft Sentinel Microsoft Defender for Cloud
The homepage in Microsoft 365 Defender showing active threats, active incidents, users at risk and more.

Microsoft 365 Defender

Get unified security and visibility across endpoints, identities, emails, and cloud apps with an industry-leading XDR solution.

Learn more about Microsoft 365 Defender
Back to tabs

Streamline identity protection

Redraw your security perimeter with identity threat detection and response (ITDR) strategies.

Learn more

See what our customers are saying

Siemens logo
When Siemens pivoted to a cloud-first approach, it turned to Microsoft Security solutions as the base for its Zero Trust posture and implemented a range of security solutions, including Microsoft Defender for Identity, to create the blueprint for ongoing, dynamic security enhancements.
Learn more
Heineken logo
Heineken turned to Microsoft Security solutions to blend security with the agility it needs to “brew a better world”—and a brighter future.
 
 
Learn more

Related products

 Use best-in-class Microsoft security products to prevent and detect attacks across your Microsoft 365 workloads.

Learn more
A person using a tablet.

Microsoft 365 Defender

Get integrated threat protection across devices, identities, apps, email, data, and cloud workloads.

Learn more
A person sitting in a chair using a laptop.

Microsoft Entra ID

Stay informed about suspicious user and sign-in behavior in your Microsoft Entra ID (formerly Azure AD) environment.

Learn more
A person looking at a mobile device while sitting on a desk.

Microsoft Defender for Endpoint

Explore endpoint security for businesses with more than 300 users.

Learn more
A group of people standing overlooking a computer screen.

Microsoft Defender for Office 365

Help secure your email, documents, and collaboration tools with Microsoft Defender for Office 365.

Learn more

Additional resources

Documentation

Explore documentation

Get started with Defender for Identity guides, tutorials, and videos.

View resources
Community

Be part of the tech community

Get involved with the Defender for Identity community.

Join the conversation
Documentation

Start using Defender for Identity

Deploy directly from Microsoft 365 Defender.

Get started
Webcast

Watch episode one of The Defender’s Watch

Learn how to strengthen your security with evidence-based insights from experts defending against modern threats.

Watch now

Protect everything

Make your future more secure. Explore your security options today.

Contact Sales Start free trial

Follow Microsoft