Security News > 2022 > October > If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender
Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users.
For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from one place, Microsoft 365 Defender, saving you from having to check your Azure portal, according to Microsoftie Idan Pelleg.
Identity Protection alerts can be configured to trigger when it appears one or more user accounts have been compromised, based on their behavior, location, and other factors.
"Identity Protection alerts are now correlated into related incidents along with alerts from the other security domains, and can be reviewed directly in Microsoft 365 Defender for a full view of the end-to-end attack," Pelleg explained on Tuesday.
Azure AD Identity Protection apparently takes in "Trillions of detection signals" to spot compromised identities; it can generate warnings for, among other things, accounts using leaked credentials, suspicious forwarding of email, and logins coming from unexpected IP addresses and locations.
With these alerts, organizations can suspend specific accounts to block an attack in progress and limit the impact, confirm a user has been compromised and tag them within Identity Protection as high risk, and have them change their password.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/26/microsoft_365_identity_protection/
Related news
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft Defender adds detection of unsecure Wi-Fi networks (source)
- Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)