Typically, organizations of all sizes have limited visibility into whether or not their on-premises apps and services could introduce a security vulnerability to their organization. The problem of limited visibility is especially true with regards to use of unsupported or outdated components.
While your company may invest significant time and effort on hardening identities and identity infrastructure (such as Active Directory, Active Directory Connect) as an on-going project, it is easy to remain unaware of common misconfigurations and use of legacy components that represent one of the greatest threat risks to your organization. Microsoft security research reveals that most identity attacks utilize common misconfigurations in Active Directory and continued use of legacy components (such as NTLMv1 protocol) to compromise identities and successfully breach your organization. To combat this effectively, Microsoft Defender for Identity now offers proactive identity security posture assessments to detect and suggest improvement actions across your on-premise Active Directory configurations.
What do Defender for Identity identity security posture assessments provide?
- Detections and contextual data on known exploitable components and misconfigurations, along with relevant paths for remediation.
- Defender for Identity detects not only suspicious activities, but also actively monitors your on-premise identities and identity infrastructure for weak spots, using the existing Defender for Identity sensor.
- Accurate assessment reports of your current organization security posture, enabling quick response and effect monitoring in a continuous cycle.
How do I get started?
Access
Defender for Identity security assessments are available using the Microsoft Defender for Cloud Apps portal after turning on the Defender for Identity integration. To learn how to integrate Defender for Identity into Defender for Cloud Apps, see Defender for Identity integration.
Licensing
Accessing Defender for Identity security assessment reports in Defender for Cloud Apps do not require a Defender for Cloud Apps license, only a Defender for Identity license is required.
Access Defender for Identity using Defender for Cloud Apps
See the Defender for Cloud Apps quick start to familiarize yourself with the basics of using the Defender for Cloud Apps portal.
Identity security posture assessments
Defender for Identity offers the following identity security posture assessments. Each assessment is a downloadable report with instructions for use and tools for building an action plan to remediate or resolve.
Assessment reports
- Domain controllers with Print Spooler service available
- Dormant entities in sensitive groups
- Entities exposing credentials in clear text
- Microsoft LAPS usage
- Legacy protocols usage
- Riskiest lateral movement paths (LMP)
- Unmonitored domain controllers
- Unsecure account attributes
- Unsecure Kerberos delegation
- Unsecure SID History attributes
- Weak cipher usage
To access identity security posture assessments:
- Open the Microsoft Defender for Cloud Apps portal.
- Select Investigate from the left menu, then click Identity security posture from the drop-down menu.
- Click the identity security posture assessment you wish to review from the Security assessment reports list that opens.