𝗦𝗶𝗺𝗽𝗹𝗶𝗳𝗶𝗲𝗱 𝗱𝗲𝗽𝗹𝗼𝘆𝗺𝗲𝗻𝘁 𝘄𝗶𝘁𝗵 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆

"Microsoft Defender for Identity is an essential part of a modern security practice, helping your organization protect against, and respond to, identity-based threats. In this blog we will show you the simple steps for deploying Microsoft Defender for Identity within your environment."

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/simplified-deployment-with-defender-for-identity/ba-p/3966035

#defenderforidentity #mdi #microsoft #microsoftsecurity #defender #adfs #domaincontroller #activedirectory #itdr #azure #adfs #adcs #deployment

𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐈𝐝𝐞𝐧𝐭𝐢𝐭𝐲 𝐞𝐱𝐩𝐚𝐧𝐝𝐬 𝐢𝐭𝐬 𝐜𝐨𝐯𝐞𝐫𝐚𝐠𝐞 𝐰𝐢𝐭𝐡 𝐧𝐞𝐰 𝐀𝐃 𝐂𝐒 𝐬𝐞𝐧𝐬𝐨𝐫

Sensor that can be deployed on Active Directory Certificate Services (AD CS) servers. This new sensor builds on the existing detections for suspicious certificate usage available today and extends Defender for Identities capabilities and coverage more comprehensively across identity environments.

AD CS is a role in Windows Server that allows you to create and manage public key infrastructure (PKI) certificates.

New detections:

➡️Domain-controller certificate issuance for a non-DC

➡️Suspicious disable of audit logs of AD CS

➡️Suspicious deletion of the certificate database

➡️Suspicious modifications to the AD CS settings (coming soon)

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/microsoft-defender-for-identity-expands-its-coverage-with-new-ad/ba-p/3894215

#defenderforidentity #xdr #mdi #azure #microsoft #micrsoftsecurity #soc #adcs #pki #windows #server #cybersecurity #microsoft365defender #cloudsecurity #identity

New #DefenderforIdentity sensor for Active Directory Certificate Services (#ADCS):
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/microsoft-defender-for-identity-expands-its-coverage-with-new-ad/ba-p/3894215

Can detect suspicious activity used by adversaries as well as detect insecure settings.

Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

Microsoft announced expansion of automatic attack disruption to include adversary-in-the-middle attacks (AiTM) attacks, in an addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatically-disrupt-adversary-in-the-middle-aitm-attacks-with/ba-p/3821751

#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalytst