Microsoft Defender for Identity

• Microsoft Defender for Identity
• Microsoft Defender for Identity Documentation
• What’s new in Microsoft Defender for Identity
• Become a Microsoft Defender for Identity Ninja

Microsoft Tech Community Blogs

• Microsoft Defender for Identity: the critical role of identities in automatic attack disruption
• Protect and Detect: Microsoft Defender for Identity Expands to Entra Connect Server
• Defender for Identity PowerShell module update
• Introducing the new PowerShell Module for Microsoft Defender for Identity
• Identity in focus: Exploring the new ITDR experience within Microsoft Defender
• Easily detect CVE-2024-21427 with Microsoft Defender for Identity
• Introducing the new Defender for Identity Health Alert API
• Securing AD CS: Microsoft Defender for Identity's Sensor Unveiled
• Simplified deployment with Defender for Identity
• Microsoft Defender for Identity expands its coverage with new AD CS sensor!
• Deceptive defense: best practices for identity based honeytokens in Microsoft Defender for Identity
• Leveraging the convergence of Microsoft Defender for Identity in Microsoft 365 Defender Portal
• Microsoft Defender for Identity now detects suspicious certificate usage
• Using gMSA account in Microsoft Defender for Identity in multi-domain forests.
• Microsoft Defender for Identity and Npcap
• Microsoft Defender for Identity Experiences in Microsoft 365 Defender
• Using Microsoft Defender for Identity Data to Make Powerful Advanced Hunting Queries
• Enhancing Microsoft Defender for Identity Data Using Microsoft 365 Defender
• ZeroLogon is now detected by Microsoft Defender for Identity CVE-2020-1472 exploitation
• Hunt for threats using events captured by Azure ATP on your domain controller
• Hunting for reconnaissance activities using LDAP search filters
• Microsoft Defender Advanced Threat Protection is now available as an offer to US GCC High customers
• Windows Defender Advanced Threat Protection Preview Expands
• Announcing Windows Defender Advanced Threat Protection

Community Blogs

• Microsoft Defender for Identity Access Key Vulnerability
• Provoking Defender for Identity suspicious certificate usage alerts
• Unmasking the shadows the art of threat hunting in Defender for Identity
• Article 1 – Tips & Tricks #Investigate with Microsoft Defender for Identity
• Article 2 – Tips & Tricks #Deploy Microsoft Defender for Identity (gMSA Accounts)
• Alert changes to sensitive AD groups using MDI
• How To Hunt For LDAP Reconnaissance Within M365 Defender?
• Start Having Visibility In Service Accounts With Defender For Identity
• Using Active Directory Replication Metadata for hunting purposes
• Active Directory reconnaissance and Microsoft Defender XDR detections

Recommended Actions

• Microsoft Defender for Identity Recommended Actions: Unsecure Domain configurations
• Microsoft Defender for Identity Recommended Actions: Unsecure Account Attributes
• Microsoft Defender for Identity Recommended Actions: Remove dormant accounts from sensitive groups
• Microsoft Defender for Identity Recommended Actions: Protect and manage local admin passwords with laps
• Microsoft Defender for Identity Recommended Actions: Configure VPN Integration
• Microsoft Defender for Identity Recommended Actions: Reduce lateral movement path risk to sensitive entities
• Microsoft Defender for Identity Recommended Actions: Stop Clear Text Credentials Exposure
• Microsoft Defender for Identity Recommended Actions: Disable Print Spooler on Domain Controllers
• Microsoft Defender for Identity Recommended Actions: Stop Weak cipher usage
• Microsoft Defender for Identity Recommended Actions: Remove Unsecure SID History Attributes from entities
• Microsoft Defender for Identity Recommended Actions:Unsecure Kerberos Delegation
• Microsoft Defender for Identity Recommended Actions: Install MDI Sensor on all Domain Controllers

Social Media

• Daniel Naim
• Martin Schvartzman

GitHub

• Raymond Roethof - Defender for Identity Tools
• Defender for Identity Sizing Tool