Microsoft Defender for Identity: Does it Provide a Solution You Need?

In today’s digital age, protecting identities at your organization is an essential aspect of maintaining security. Without adequate protection, identities can become compromised putting all data the identity can access at risk. Microsoft Defender for Identity offers a comprehensive solution designed to help protect your on-premise identities and secure your organization from identity-related security threats.

To help you decide if Microsoft Defender for Identity can help your security operations team keep your organization safe, this article covers the following topics:

What is Microsoft Defender for Identity?

Microsoft Defender for Identity helps protect your organization’s on-premise identities and identify threats. Formerly Azure Advanced Threat Protection, Defender for Identity provides a comprehensive set of security features to secure your organization’s identity data and assets.

Essentially, Microsoft Defender for Identity acts as a shield for your on-premises identities, keeping bad actors at bay and your information safe. It uses advanced technologies like machine learning and behavioral analysis to detect and respond to threats in real-time. You can also monitor your organization’s security posture and quickly respond to any suspicious activity. In short, it’s a powerful tool that can help keep your organization and its users safe from identity-based attacks.

Hybrid & Cross-Cloud Capabilities

Microsoft Defender for Identity offers hybrid capabilities that allow it to provide a seamless security experience across on-premises and cloud environments.

To provide on-premises support, Microsoft Defender for Identity integrates with Azure Active Directory. This allows organizations to use their existing AD infrastructure to secure their identities and assets. It also allows for syncing of identity data across on-premises and cloud environments, providing a unified view of user activities and enabling consistent security policies.

On top of integrating with Azure Active Directory, Defender for Identity also correlates signals with Microsoft 365. This capability allows organizations to secure their identities and assets in the cloud and provides a unified security experience across different cloud services. With this unified security experience, your organization can secure all your cloud services.

Additionally, Microsoft Defender for Identity provides a cloud-based management console that allows organizations to easily manage their security posture across different environments. This includes monitoring and responding to security threats, creating and enforcing security policies, and analyzing security data. It also incorporates monitoring of user behavior so it can provide alerts for behavioral anomalies based on its adaptive built-in intelligence.

Licensing Microsoft Defender for Identity

On top of purchasing a stand-alone license for Microsoft Defender for Identity, organizations can also gain access to it through the Enterprise Mobility + Security License. The E5 license includes all Defender for Identity features whereas the E3 license only offers a few key features. With the E3 license, users can still access multi-factor authentication, access management, conditional access, and advanced security reporting. The E5 license also includes risk-based conditional access and privileged identity management.

Microsoft Defender for Identity - Authenticator

Implementing Microsoft Defender for Identity

Implementing Microsoft Defender for Identity follows a two-phase process. First, your organization needs to make a few specific preparations for deploying it, and then you can deploy it.

Prepare to Deploy Microsoft Defender for Identity

Before deploying Microsoft Defender for Identity, your organization needs to prepare its environment. You also need to ensure you have the necessary resources and permissions in place. To ensure your organization is ready to deploy Microsoft Defender for Identity, follow these steps:

  1. Verify that you have an active Azure AD tenant and an Azure subscription.
  2. Ensure that you have the necessary permissions to configure and manage Azure AD, and to configure and manage Microsoft Defender for Identity.
  3. Determine the resources your environment needs to effectively run Microsoft Defender for Identity with the sizing tool.
  4. Review and update your organization’s security policies and procedures to ensure compatibility with Microsoft Defender for Identity.
  5. Identify and assign the appropriate personnel to manage and maintain the service.
  6. Configure Windows Event collection by using accurate Advanced Audit Policy settings.
  7. Create a plan for testing and rolling out the service in a phased approach, to minimize any potential disruptions to your organization’s operations.

How to Deploy Microsoft Defender for Identity

Deploying Microsoft Defender for Identity involves several steps, including setting up and configuring Azure AD and Microsoft Defender for Identity, creating and deploying policies, and monitoring and maintaining the service. Here is a general overview of the deployment process:

  1. Download the Defender for Identity Sensor: You can download the Defender for Identity sensor from the Microsoft 365 Defender portal in settings then Identities. The sensor is a lightweight agent that is installed on your organization’s servers and workstations to protect against identity-based attacks.
  2. Configure Your Proxy: Before installing the sensor, you’ll need to configure your organization’s proxy settings to ensure that the sensor can communicate with Azure AD and Microsoft Defender for Identity. This includes configuring the proxy server’s IP address, port, and authentication settings.
  3. Install the Defender for Identity Sensor: Once the proxy is configured, you can install the sensor on your organization’s servers and workstations. You can install the sensor by extracting the installation files and then running the setup.exe within the extracted files.
  4. Manage Your Action Accounts: To manage the Defender for Identity sensor, you’ll need to create and configure action accounts, which are used to authenticate the sensor and perform actions on your organization’s identities and assets.
  5. Configure Your Defender for Identity sensor: After the sensor is installed and action accounts are created, you’ll need to configure the sensor to protect your organization’s identities and assets. This includes creating and deploying policies, rules, and alerts, and configuring access management and threat protection settings.


By using Microsoft Defender for Identity, you can keep your organization secure from identity-related risks. It offers a unified security experience for both your on-premise identities and cloud-managed identities. You can use it to reduce your attack surface, detect threats in real-time, investigate new threats, and respond to threats immediately.

Published on: .

How can we help?


Let's start a conversation

location Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

telephone-icon + 1 (619) 292-0800 mail-icon

Don’t want to wait for us to get back to you?