Trace Id is missing
Skip to main content
Microsoft Security

Microsoft Defender for Identity

Detect and respond to advanced identity cyberthreats across your organization.

People working in the Microsoft Security Response Center, looking at information on large desktop monitors.

Identity protection and security

Use Defender for Identity to help security operations teams manage identity risk and spot advanced identity-based cyberthreats.

Reduce cyberattack surface

Understand your identity landscape to minimize exposure to identity-based cyberattacks.

Detect in real time

Spot identity cyberthreats in real time with preconfigured alerts and detections for common and emerging cyberattack patterns.

Investigate cyberthreats in context

Correlate identity alerts with signals from across Microsoft Defender XDR for true incident-level visibility.

Respond to cyberthreats comprehensively

Take immediate action on a compromised identity or use custom detection rules to automate a response that suits your organization’s needs.

Watch the video

Learn how Defender for Identity, a core element of the Microsoft Identity Threat Detection and Response (ITDR) solution, can help you prevent, detect, and respond to identity-based cyberattacks.

Capabilities

Help secure your modern identity landscape with cloud-powered intelligence from Defender for Identity.

Gain visibility with a comprehensive identity inventory

See clearly across your identity landscape with a comprehensive inventory of cloud and on-premises identities.

A dashboard assessing alerts and risky activities with an Investigation priority score of 40.

Highlight the identities most at risk

Explore detailed view of each unique identity’s activities, recent alerts, and overall risk score.

Examples of alerts that Microsoft Defender for Identity can generate

Get industry-leading detections spanning the cyberattack lifecycle

Identify cyberthreats quickly and accurately with prebuilt identity detections for the latest cyberattack strategies with prioritized alerts, all mapped to MITRE ATT&CK techniques.

The configuration of an action account, which is used to perform actions on Active Directory users, such as disabling a user and resetting a password.

Immediately respond to compromised identities

Immediately restrict identities confirmed as compromised so they can’t persist in your organization or be further exploited.

Identity security posture assessment output within the console

Bolster your protection with identity posture assessments

Help security operations teams identify configuration vulnerabilities and get recommendations for resolving them. Easily find identity security posture assessments displayed in Microsoft Secure Score.

Back to Tabs

Unified security operations platform

Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).

Animation of microsoft defender dashboard homepage

Unified portal

Detect and disrupt cyberthreats in near real time and streamline investigation and response.

Back to tabs

Streamline identity protection

Redraw your security perimeter with identity threat detection and response (ITDR) strategies.

See what our customers are saying

Siemens logo
When Siemens pivoted to a cloud-first approach, it turned to Microsoft Security solutions as the base for its Zero Trust posture and implemented a range of security solutions, including Microsoft Defender for Identity, to create the blueprint for ongoing, dynamic security enhancements.
 Heineken logo
Heineken turned to Microsoft Security solutions to blend security with the agility it needs to “brew a better world”—and a brighter future.
 
 

Related products

Use industry-leading Microsoft security products to prevent and detect cyberattacks across your Microsoft 365 workloads.

A person using a tablet.

Microsoft Defender XDR

Get integrated cyberthreat protection across devices, identities, apps, email, data, and cloud workloads.

A person sitting in a chair using a laptop.

Microsoft Entra ID

Stay informed about suspicious user and sign-in behavior in your Microsoft Entra ID (formerly Azure AD) environment.

A person looking at a mobile device while sitting on a desk.

Microsoft Defender for Endpoint

Explore endpoint security for businesses with more than 300 users.

A group of people standing overlooking a computer screen.

Microsoft Defender for Office 365

Help secure your email, documents, and collaboration tools with Microsoft Defender for Office 365.

Additional resources

Documentation

Explore documentation

Get started with Defender for Identity guides, tutorials, and videos.

Community

Be part of the tech community

Get involved with the Defender for Identity community.

Documentation

Start using Defender for Identity

Deploy directly from Microsoft Defender XDR.

Webcast

Watch episode one of The Defender’s Watch

Learn how to strengthen your security with evidence-based insights from experts protecting against modern cyberthreats.

Protect everything

Make your future more secure. Explore your security options today.

Follow Microsoft Security