Microsoft Security Product Hub

Defender for Identity


Defender for Identity (formally knows as Azure ATP) is a cloud based security solution for Active Directory. Lightweight sensors are installed on Domain Controllers and Active Directory Federation Services (AD FS) (if applicable). These sensors monitor traffic and send events to the Defender for Identity cloud service. Defender for Identity monitors user and network activity for suspicious activities, compromised credentials, kerberos ticket attacks and more, raising alerts and notifications. Administrators can view the attack timeline, filter alerts and search for indicators of compromise.


  • Visibility of Active Directory advanced threats, compromised identities and malicious insider actions
  • Protect AD FS in hybrid Azure AD configurations
Secure Remote Work
Zero Trust