Summary
In this chapter, we examined Microsoft Defender for Identity (MDI), a feature included with Enterprise Mobility + Security E5 and Microsoft 365 E5. It enables you to protect your Microsoft 365 hybrid cloud environment against malicious actors who attempt to access vulnerable user accounts and devices and who conduct reconnaissance activities in order to gain elevation of privilege and achieve domain dominance.
We also learned how to configure MDI in the Microsoft 365 Defender portal and install sensors on domain controllers. We looked at how entity tags can be configured to establish sensitive accounts, honeytoken accounts, and Exchange servers, and how they can be set to trigger alerts when matched to suspicious activity. We then considered how MDI establishes a timeline of suspicious and malicious activities, the steps that can be taken to review and resolve these within the MDI health center, and how to use notifications and alerts.
In the next chapter, we will examine the principles...