{“lastseen”:”2025-10-23T17:23:06″,”description”:”In today\u2019s digital-first enterprise, identities have become the new corporate security perimeter. Hybrid work and cloud-first strategies have dissolved traditional network boundaries and dramatically increased the complexity of identity fabrics. Security teams are left managing a constellation of users, infrastructure, and tools scattered across hybrid environments or even multivendor ecosystems. To put the threat into perspective, we saw more than 7,000 password attacks every second in 2024, and on average 66% of attack paths involve some type of identity compromise.1 AI is further amplifying this challenge by introducing a surge of non-human identities that require even more unique protection and capabilities. \\n\\nThis evolution demands a fundamental shift in Identity Threat Detection and Response (ITDR). It\u2019s no longer simply about protecting users; it requires consistent, comprehensive protection for every piece of the identity fabric, whether human or non-human, on-premises or in the cloud, from Microsoft or another vendor.\\n\\nDeliver seamless ITDR across your identity landscape\\n\\n\\n\\n## ITDR for the modern enterprise\\n\\nSuccessful identity security practices understand that seams in protection are the real enemy of identity security. A unified approach between identity and security teams is a necessity and our unique perspective as both a leading identity and security provider allow us to further streamline the flow of contextual insights, actions, and workflows across these groups, minimizing the potential for gaps or oversight.\\n\\n\\n\\nWhile both identity and security teams play critical roles in ITDR, it is just one piece of their overall charter and goal. For security operations center (SOC) professionals their core mission remains to prevent, detect, and respond to cyberthreats that could impact their organization\u2019s security and business continuity. On a day-to-day basis, identity and security teams proactively harden their security posture, triage and investigate incoming alerts, and, when a true cyberthreat is confirmed, coordinate a rapid and effective response. Within this broader mission, ITDR resents a critical but focused subset. For instance, identity security posture recommendations are essential but only one piece of broader security hardening.\\n\\nSimilarly, identity alerts offer invaluable insights needed to detect anomalous identity activity, but they must be understood in the context of the overall cyberattack. And while identity response actions such as revoking sessions or enforcing multifactor authentication are critical to stop attacks, they must be coordinated with other response actions across endpoints and other domains to block lateral movement. \\n\\nTrue defense requires enriching identity signals and delivering them in context as part of a unified threat picture, enabling coordinated response across domains, and continuously improving posture to stay ahead of evolving cyberthreats.\\n\\nThis blog explores how Microsoft is reimagining identity security to meet these challenges head-on\u2014empowering defenders with the clarity, context, and control they need to stay ahead of identity-based threats.\\n\\n## Enriched and insightful: Building the foundation for identity security\\n\\nIdentity security starts with ensuring your environment is protected as a foundation. Visibility across your organization\u2019s unique fabric of interconnected identities, infrastructure, and applications is what enables SOC teams to detect cyberthreats earlier, respond faster, and reduce risk across the board. Because in today\u2019s identity-driven cyberthreat landscape, partial visibility is no longer an option. To meet this challenge, organizations need sensors for on-premises infrastructure and integrations with cloud-based identity solutions to pull in insights from the entirety of their identity fabric.\\n\\nUnderstanding this, Microsoft is proud to offer one of the widest sets of dedicated sensors for on-premises identity infrastructure. Domain controllers, Active Directory Federation Services (AD FS), Active Directory Certificate Services (AD CS), and Microsoft Entra ID Connect each serve a distinct purpose within on-premises identity footprint and our dedicated sensors are purpose built to monitor and detect anomalies within their specific activity or configurations.\\n\\nAdditionally, I am excited to announce the general availability of the unified identity and endpoint sensors we unveiled at Microsoft Ignite in 2024. This amazing milestone makes it even easier for new Microsoft Defender for Identity customers to activate identity protections on qualifying domain controllers and start benefiting from identity-specific visibility, posture recommendations, alerts, and automatic attack disruption capabilities within the Defender experience.\\n\\n\\n\\n## Empowering SOC Analysts: \\u003cbr\\u003eInvestigating Identity Threats \\u003cbr\\u003ewith Microsoft Defender XDR \\n\\nRead the blog \u2197\\n\\nOur protections don\u2019t end on-premises, however. Defender\u2019s native integration with Microsoft Entra ID empowers the SOC with real-time visibility into Entra identity activity, risk level, and seamless integration into Zero Ttrust policies through Conditional Access and user containment. And because identity fabrics are rarely homogenous, Microsoft also supports other cloud identities like Okta, offering unified visibility, posture insights, and ITDR capabilities across platforms.\\n\\nThe raw data into cloud and on-premises accounts is important but to be truly insightful it needs to be enriched. To do this we are shifting the paradigm from account-centric to identity-centric. This means correlating information across accounts, platforms, and environments to reveal an identity\u2019s true footprint. With an understanding of how multiple accounts map back to a single identity, the SOC can more accurately investigate and respond to cyberthreats.\\n\\n## What is privileged access management (PAM)? \\n\\nLearn more \u2197\\n\\nThis enriched view is especially critical when dealing with privileged identities. Integrations with Privileged Access Management (PAM) solutions further empower security organizations to monitor and protect high-value identities. \\n\\nAll of this is in addition to the native extended detection and response (XDR) correlation done by Microsoft Defender that automatically links identity signals with insights from other security domains, giving security teams a unified threat picture, breaking down silos, and improving response efficiency. From the Identity page in the Defender portal, SOC analysts can see related devices, applications, and alerts\u2014creating a connected view of the threat landscape. These relationships are also exposed in Advanced Hunting, allowing defenders to query across domains and uncover patterns that would otherwise remain hidden. And because Microsoft extends protections to AI agents, service accounts, third-party identities and more, it can use behavioral signals to detect drift and enforce policy\u2014an area where many competitors simply can\u2019t match.\\n\\n## Context is everything\\n\\nMicrosoft Defender delivers deep, enriched visibility into your unique identity fabric. But the true magic lies in how this intelligence is operationalized within the SOC experience. Defender and Microsoft Entra work together generate identity alerts, which get correlated into broader security incidents within Microsoft Defender XDR, giving analysts a unified view of threat activity across endpoints, identities, and cloud resources. Similarly, identity-posture recommendations are part of Microsoft\u2019s Exposure Management strategy, where they are surfaced alongside other risk signals to help teams proactively reduce their attack surface. And when a threat is confirmed, automatic attack disruption can dynamically contain not only the compromised user but also the devices and sessions associated with the attack. This contextualization turns the powerful insights into decisive action. And in today\u2019s threat landscape it\u2019s not just about seeing more\u2014it\u2019s about responding smarter, faster.\\n\\n\\n\\n## Getting started\\n\\nNew Defender for Identity customers interested in activating the unified sensor can learn more, including how to deploy, within our documentation here. Existing customers that have already deployed the Defender for Identity sensors do not need to do anything at this time, stay tuned for migration guidance in the coming months. \\n\\nLearn more about Microsoft ITDR solutions.\\n\\nTo learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.\\n\\n* * *\\n\\n1State of Multicloud Security Risk, Microsoft, 2024.\\n\\nThe post Harden your identity defense with improved protection, deeper correlation, and richer context appeared first on Microsoft Security Blog.”,”published”:”2025-10-23T16:00:00″,”modified”:”2025-10-23T16:00:00″,”type”:”mssecure”,”title”:”Harden your identity defense with improved protection, deeper correlation, and richer context”,”source”:””,”references”:””,”id”:”MSSECURE:A81252C483236EDEC383BFEC62B4738D”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/10\/23\/harden-your-identity-defense-with-improved-protection-deeper-correlation-and-richer-context\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-23T17:23:06″,”description”:”In today\u2019s digital-first enterprise, identities have become the new corporate security perimeter. Hybrid work and cloud-first strategies have dissolved traditional network boundaries and dramatically increased…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,110,13,33,7,11,5],"class_list":["post-22921","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-mssecure","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n