AZ-900 Certification Notes
Chapter 10.7 - Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) (Supplemental)
Users Are Unreliable
You really can't trust users.
The Constant Threat
If you have anything of value, it's almost guaranteed that someone will want to get their hands on it. One way to do that is to target users directly. Users are often the weakest link in an organization: they can be tricked, coerced, and manipulated into providing details that assist attackers and give them access to the corporation.
Microsoft Defender for Identity
- Monitor Users
  - Analyze user activity and information. This includes any permissions and memberships of groups
- Baseline Behavior
  - Record what a user's normal behavior and routine is. Any activity outside this routine will be logged as suspicious
- Suggest Changes
  - Microsoft Defender for Identity will suggest changes to conform with security best practices in order to reduce risks
Cyber-Attack Kill Chain
- Reconnaissance
  - If a user is searching for information about other users, device IP addresses and more, Microsoft Defender for Identity will raise alerts
- Brute Force
  - Any attempts to guess user credentials will be identified and flagged
- Increasing Privileges
  - Any attempt by a user to gain more privileges will be flagged. This could be through another user's login