0
(0)

This article explains how to apply Microsoft Defender for Identity entity tags in Microsoft 365 Defender.

 Important

As part of the convergence with Microsoft 365 Defender, some options and details have changed from their location in the Defender for Identity portal. Please read the details below to discover where to find both the familiar and new features.

Entity tags

In Microsoft 365 Defender, you can set three types of Defender for Identity entity tags: Sensitive tagsHoneytoken tags, and Exchange server tags.

To set these tags, in Microsoft 365 Defender, go to Settings and then Identities.

Go to Settings, then Identities.

The tag settings will appear under Entity tags.

Tag setting types.

To set each type of tag, follow the instructions below.

Sensitive tags

The Sensitive tag is used to identify high value assets. The lateral movement path also relies on an entity’s sensitivity status. Some entities are considered sensitive automatically by Defender for Identity. For a list of those assets, see Sensitive entities.

You can also manually tag users, devices, or groups as sensitive.

  1. Select Sensitive. You will then see the existing sensitive UsersDevices, and Groups.

    Sensitive entities.

  2. Under each category, select Tag… to tag that type of entity. For example, under Groups, select Tag groups. A pane will open with the groups you can select to tag. To search for a group, enter its name in the search box.

    Add groups.

  3. Select your group, and click Add selection.

    Add selection.

Honeytoken tags

Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert.

You can tag users or devices with the Honeytoken tag in the same way you tag sensitive accounts.

  1. Select Honeytoken. You’ll then see the existing honeytoken Users and Devices.

    Honeytoken entities.

  2. Under each category, select Tag… to tag that type of entity. For example, under Users, select Tag users. A pane will open with the groups you can select to tag. To search for a group, enter its name in the search box.

    Add users.

  3. Select your user, and click Add selection.

    Add selected user.

Exchange server tags

Defender for Identity considers Exchange servers as high-value assets and automatically tags them as Sensitive. You can also manually tag devices as Exchange servers.

  1. Select Exchange server. You’ll then see the existing devices labeled with the Exchange server tag.

    Exchange servers.

  2. To tag a device as an Exchange server, select Tag devices. A pane will open with the devices that you can select to tag. To search for a device, enter its name in the search box.

    Add devices.

  3. Select your device, and click Add selection.

    Select device.

Example of the other actions can be taken on email messages.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.