Sign in / up

back to article If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender

Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users. For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. bombastic bob Silver badge
    Meh

    vague

    They seem a bit light on the detalls of what they "detect". I was curious about that. Virus scanners use signature files (etc.). Not much mentioned here except vague claims. I suppose they keep it close to the chest but still, what good is the "Defender 365" exactly?

    4 0 Reply
    1. Alumoi Silver badge
      Reply Icon

      Re: vague

      Why, the subscription model, of course. Pay every month if you want it to function.

      7 0 Reply
      1. J. Cook Silver badge
        Reply Icon

        Re: vague

        That, and I seen to recall seeing that some aspects of the Identity Protection analytics required an E5 license for each user that you wanted it for, which is a bit on the nose.

        2 0 Reply
    2. stiine Silver badge
      Reply Icon
      Facepalm

      Re: vague

      They added a single SQL query to the front end application, probably along the lines of "select loginfailuretime,sourceip from nsa.warehouse where sourceip not currentip sorted by server.elevation". Then they issued a press release.

      2 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    problem in hand

    "the role an Azure AD identity played in an intrusion" Pretty much sums it up.

    Azure environment is the equivalent of waving carrots at a heard of donkeys on the other side of a fence.

    2 2 Reply
  3. Anonymous Coward
    Anonymous Coward

    Another bandaid on the dying patient

    Azure AD Identity Protection apparently takes in "trillions of detection signals" to spot compromised identities; it can generate warnings for, among other things, accounts using leaked credentials, suspicious forwarding of email, and logins coming from unexpected IP addresses and locations. more noise amongst all the other shit happening on your Windows estate.

    FTFY

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like