Microsoft Defender for Identity

​Microsoft Defender for Identity is a Microsoft-hosted service that captures, parses, and analyzes Active Directory (AD) network traffic on AD domain controllers. It examines authentication, authorization, and other activities for indicators of potentially suspicious behavior by a user or on a device within an organization. Defender for Identity is a part of the Enterprise Mobility + Security (EMS) E5 and Microsoft 365 E5 suites of hosted services. Prior to Oct. 2020, Microsoft Defender for Identity was named Azure Advanced Threat Protection (Azure ATP).

Become a DOM member or log in to read the full report