Microsoft Defender for Identity monitored activities
Implementation Effort: High: Customer IT and Security Operations teams need to drive projects to integrate and configure Defender for Identity with domain controllers.
User Impact: Low: A subset of non-privileged users have to take action or be notified of changes, particularly those whose activities are being monitored.
Overview
Microsoft Defender for Identity monitors information generated from your organization's Active Directory, network activities, and event activities to detect suspicious activity. This integration helps determine the validity of each potential threat, enabling correct triage and response. It fits into the Zero Trust framework by continuously monitoring and analyzing user activities to identify and mitigate risks.