Defender for Identity
What is Defender for Identity?
Microsoft Defender for Identity, previously known as Azure Advanced Threat Protection (ATP), was launched in 2018 as part of Microsoft’s broader strategy to address the growing threat of identity-based cyberattacks. With identity becoming the primary attack vector for many breaches, there was a need for a dedicated solution that could monitor and protect Active Directory environments, which are critical to the functioning of enterprise IT systems. Defender for Identity was designed to detect and respond to advanced identity-related threats, such as lateral movement, credential theft, and privilege escalation, providing organisations with comprehensive security for their most critical assets.
It integrates with Active Directory/Entra to monitor and detect suspicious activities, ensuring your business remains secure from identity-based attacks. By leveraging real-time monitoring and advanced detection methods, Defender for Identity helps reduce risk and enhances your overall security posture.
Threat Detection and Investigation
Defender for Identity’s real-time threat detection was developed to counter the increasing sophistication of attacks targeting enterprise identities. It continuously monitors on-premises Active Directory environments and flags unusual activities, such as suspicious logins or privilege changes. By integrating seamlessly with Microsoft 365, it enhances visibility across identity-related threat vectors, helping organisations to quickly investigate incidents and minimise damage. This solution was built to provide IT managers and security teams with immediate, actionable insights, ensuring that identity threats are identified and contained early.
Behavioural Analytics and Learning
Using advanced machine learning to study and understand normal user behaviour, Defender for Identity establishes a baseline for each identity in the network. Once this baseline is established, it can detect anomalies that traditional tools may overlook, such as unauthorised access or unusual patterns of movement. Microsoft recognised that human errors or compromised credentials often go unnoticed until it’s too late, so they built this feature to reduce reliance on manual monitoring, automating the detection of potential breaches.
Lateral Movement Detection
Lateral movement detection is a key feature in Defender for Identity, designed to prevent attackers from moving through your network once they’ve gained access. By monitoring identity-related activities, it can detect and block attempts by attackers to move laterally between systems as they try to escalate their privileges or gain access to more critical assets. It is designed to identify such behaviour immediately, keeping attackers from gaining control of sensitive areas in the network. This capability is especially crucial for modern enterprises, where breaches can have devastating consequences if not caught early.
Credential Theft Prevention
Credential theft is a common tactic used by bad actors to impersonate users and move freely within a network. Defender for Identity is highly effective at detecting credential theft attacks such as Pass-the-Hash or Kerberos ticket attacks. By analysing identity behaviour and access patterns, Defender for Identity can spot attempts to use stolen credentials and stop them in their tracks, significantly reducing the risk of compromised accounts leading to major breaches.
Licensing and Integration Benefits
Defender for Identity is available with Microsoft 365 E5 or Enterprise Mobility + Security (EMS) E5 licences, providing organisations with advanced threat protection features without the additional cost of third-party solutions.
The decision to build Defender for Identity within the Microsoft 365 ecosystem was driven by a need for seamless integration, simplifying security management for enterprises. This native integration reduces complexity, allowing organisations to manage their security needs from a single, unified platform, making Defender for Identity a cost-effective and efficient choice.
By leveraging its deep integration with Microsoft’s broader security suite, Microsoft Defender for Identity delivers a comprehensive identity protection solution tailored to today’s evolving threat landscape. The product’s continual innovation and responsiveness to identity-based attacks ensure that businesses can defend against even the most advanced threats with minimal complexity.
Capability | Benefit | Why It Matters |
---|---|---|
Real-time Threat Detection | Detects suspicious activities instantly | Reduces time to respond and mitigate potential damage |
Behavioural Analytics | Learns user behaviour to flag anomalies | Identifies subtle threats that may evade traditional defences |
Lateral Movement Prevention | Blocks attackers moving between systems | Contains threats, limiting exposure across the network |
Credential Theft Prevention | Detects use of stolen credentials (e.g., Pass-the-Hash attacks) | Prevents attackers from accessing critical systems |
Seamless Integration | Integrates natively with Microsoft 365 and Azure | Lowers complexity, reduces costs, and simplifies management |