Microsoft Defender for Identity
Detect and respond to advanced identity cyberthreats across your organization.
Identity protection and security
Use Defender for Identity to help security operations teams manage identity risk and spot advanced identity-based cyberthreats.
Reduce cyberattack surface
Understand your identity landscape to minimize exposure to identity-based cyberattacks.
Detect in real time
Spot identity cyberthreats in real time with preconfigured alerts and detections for common and emerging cyberattack patterns.
Investigate cyberthreats in context
Correlate identity alerts with signals from across Microsoft Defender XDR for true incident-level visibility.
Respond to cyberthreats comprehensively
Take immediate action on a compromised identity or use custom detection rules to automate a response that suits your organization’s needs.
Capabilities
Help secure your modern identity landscape with cloud-powered intelligence from Defender for Identity.
Gain visibility with a comprehensive identity inventory
See clearly across your identity landscape with a comprehensive inventory of cloud and on-premises identities.
Highlight the identities most at risk
Explore detailed view of each unique identity’s activities, recent alerts, and overall risk score.
Get industry-leading detections spanning the cyberattack lifecycle
Identify cyberthreats quickly and accurately with prebuilt identity detections for the latest cyberattack strategies with prioritized alerts, all mapped to MITRE ATT&CK techniques.
Immediately respond to compromised identities
Immediately restrict identities confirmed as compromised so they can’t persist in your organization or be further exploited.
Bolster your protection with identity posture assessments
Help security operations teams identify configuration vulnerabilities and get recommendations for resolving them. Easily find identity security posture assessments displayed in Microsoft Secure Score.
Unified security operations platform
Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).
Unified portal
Detect and disrupt cyberthreats in near real time and streamline investigation and response.
Microsoft Defender XDR
Achieve unified security and visibility across your clouds, platforms, and endpoints.
Microsoft Sentinel
Aggregate security data and correlate alerts from virtually any source with cloud-native SIEM.
Streamline identity protection
Redraw your security perimeter with identity threat detection and response (ITDR) strategies.
See what our customers are saying
Related products
Use industry-leading Microsoft security products to prevent and detect cyberattacks across your Microsoft 365 workloads.
Microsoft Defender XDR
Get integrated cyberthreat protection across devices, identities, apps, email, data, and cloud workloads.
Microsoft Entra ID
Stay informed about suspicious user and sign-in behavior in your Microsoft Entra ID (formerly Azure AD) environment.
Microsoft Defender for Endpoint
Explore endpoint security for businesses with more than 300 users.
Microsoft Defender for Office 365
Help secure your email, documents, and collaboration tools with Microsoft Defender for Office 365.
Additional resources
Explore documentation
Get started with Defender for Identity guides, tutorials, and videos.
Be part of the tech community
Get involved with the Defender for Identity community.
Watch episode one of The Defender’s Watch
Learn how to strengthen your security with evidence-based insights from experts protecting against modern cyberthreats.
Protect everything
Make your future more secure. Explore your security options today.
Follow Microsoft Security