F0rm4tAug 24, 2023

๐Œ๐ข๐œ๐ซ๐จ๐ฌ๐จ๐Ÿ๐ญ ๐ƒ๐ž๐Ÿ๐ž๐ง๐๐ž๐ซ ๐Ÿ๐จ๐ซ ๐ˆ๐๐ž๐ง๐ญ๐ข๐ญ๐ฒ ๐ž๐ฑ๐ฉ๐š๐ง๐๐ฌ ๐ข๐ญ๐ฌ ๐œ๐จ๐ฏ๐ž๐ซ๐š๐ ๐ž ๐ฐ๐ข๐ญ๐ก ๐ง๐ž๐ฐ ๐€๐ƒ ๐‚๐’ ๐ฌ๐ž๐ง๐ฌ๐จ๐ซ

Sensor that can be deployed on Active Directory Certificate Services (AD CS) servers. This new sensor builds on the existing detections for suspicious certificate usage available today and extends Defender for Identities capabilities and coverage more comprehensively across identity environments.

AD CS is a role in Windows Server that allows you to create and manage public key infrastructure (PKI) certificates.

New detections:

โžก๏ธDomain-controller certificate issuance for a non-DC

โžก๏ธSuspicious disable of audit logs of AD CS

โžก๏ธSuspicious deletion of the certificate database

โžก๏ธSuspicious modifications to the AD CS settings (coming soon)

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/microsoft-defender-for-identity-expands-its-coverage-with-new-ad/ba-p/3894215

#defenderforidentity #xdr #mdi #azure #microsoft #micrsoftsecurity #soc #adcs #pki #windows #server #cybersecurity #microsoft365defender #cloudsecurity #identity

Microsoft Defender for Identity expands its coverage with new AD CS sensor!

We are happy to announce the availability of the Microsoft Defender for Identity sensor for Active Directory Certificates Services (AD CS) after successfully..

TECHCOMMUNITY.MICROSOFT.COM