Configuring security for internal organization identities and devices is about to get a whole lot easier in Microsoft Defender for Identity as the company plans to add a new step-by-step guide to its cloud-based security solution.
The guide will verify that organizations have satisfied all environment prerequisites and from there it will help them create a Defender for Identity instance, connect to Active Directory and install their sensor. Once complete, user identities will be monitored and immediate action can be taken against any malicious activity that tries to compromise an organization’s on-premises identities.
This feature will be available worldwide and we’ll likely hear more from Microsoft on how it works in a blog post once it begins rolling out to organizations.
Native response actions
In a separate post in the Microsoft 365 roadmap, Microsoft revealed that it will also add native “response” actions to Microsoft Defender for Identity this month.
This new update will provide SecOps (security + operations) personnel with the ability to directly lock an Active Directory account or to prompt for the password to be reset. This will allow them to take direct action when a user is compromised.
Up until now, when a user was confirmed as compromised in Microsoft Defender for Identity, the Azure Active Directory account would be affected via a conditional access rule, according to Microsoft.
While Microsoft Defender for Identity already provides admins with a central location where they can identify, detect and investigate on-premises identity-based threats, these two new features will make it easier for organizations to stomp out internal threats before they spread across their networks.