Microsoft Defender for Identity

Detect and respond to advanced identity cyberthreats across your organization.

People working in the Microsoft Security Response Center, looking at information on large desktop monitors.

Identity protection and security

Use Defender for Identity to help security operations teams manage identity risk and spot advanced identity-based cyberthreats.

Reduce cyberattack surface

Understand your identity landscape to minimize exposure to identity-based cyberattacks.

Detect in real time

Spot identity cyberthreats in real time with preconfigured alerts and detections for common and emerging cyberattack patterns.

Investigate cyberthreats in context

Correlate identity alerts with signals from across Microsoft Defender XDR for true incident-level visibility.

Respond to cyberthreats comprehensively

Take immediate action on a compromised identity or use custom detection rules to automate a response that suits your organization’s needs.

Watch the video

Learn how Defender for Identity, a core element of the Microsoft Identity Threat Detection and Response (ITDR) solution, can help you prevent, detect, and respond to identity-based cyberattacks.

Capabilities

Help secure your modern identity landscape with cloud-powered intelligence from Defender for Identity.

Gain visibility with a comprehensive identity inventory Highlight the identities most at risk Get industry-leading detections spanning the cyberattack lifecycle Immediately respond to compromised identities Bolster your defenses with identity posture assessments

Gain visibility with a comprehensive identity inventory

See clearly across your identity landscape with a comprehensive inventory of cloud and on-premises identities.

A dashboard assessing alerts and risky activities with an Investigation priority score of 40.

Highlight the identities most at risk

Explore detailed view of each unique identity’s activities, recent alerts, and overall risk score.

Learn more

Examples of alerts that Microsoft Defender for Identity can generate

Get industry-leading detections spanning the cyberattack lifecycle

Identify cyberthreats quickly and accurately with prebuilt identity detections for the latest cyberattack strategies with prioritized alerts, all mapped to MITRE ATT&CK techniques.

Learn more

The configuration of an action account, which is used to perform actions on Active Directory users, such as disabling a user and resetting a password.

Immediately respond to compromised identities

Immediately restrict identities confirmed as compromised so they can’t persist in your organization or be further exploited.

Learn more

Identity security posture assessment output within the console

Bolster your protection with identity posture assessments

Help security operations teams identify configuration vulnerabilities and get recommendations for resolving them. Easily find identity security posture assessments displayed in Microsoft Secure Score.

Learn more

Unified security operations platform

Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).

Unified portal Microsoft Defender XDR Microsoft Sentinel

Unified portal

Detect and disrupt cyberthreats in near real time and streamline investigation and response.

Learn more about Microsoft unified XDR and SIEM

Streamline identity protection

Redraw your security perimeter with identity threat detection and response (ITDR) strategies.

Learn more

See what our customers are saying

When Siemens pivoted to a cloud-first approach, it turned to Microsoft Security solutions as the base for its Zero Trust posture and implemented a range of security solutions, including Microsoft Defender for Identity, to create the blueprint for ongoing, dynamic security enhancements.

Learn more