Defender for Identity (formally knows as Azure ATP) is a cloud based security solution for Active Directory. Lightweight sensors are installed on Domain Controllers and Active Directory Federation Services (AD FS) (if applicable). These sensors monitor traffic and send events to the Defender for Identity cloud service. Defender for Identity monitors user and network activity for suspicious activities, compromised credentials, kerberos ticket attacks and more, raising alerts and notifications. Administrators can view the attack timeline, filter alerts and search for indicators of compromise.