New Update Identity Protection Alerts are coming to Microsoft 365 Defender

upnorth

Azure Active Directory (Azure AD) Identity Protection alerts are now part of Microsoft 365 Defender.

Identity compromise is a pivotal component in any successful attack. By taking control over a legitimate organizational account, attackers gain the ability to move around the network, access organizational resources, and compromise more accounts. With sufficient permissions in hand, attackers have the “keys to the kingdom” to finally achieve their objective – encrypting the entire network, exfiltrating emails or other confidential information, or any other malicious goals. Because of this, it is critical for defenders to have wide visibility into identity activities and gain assistance in spotting suspicious or abnormal activities. This helps defenders identify, investigate, and respond to identity compromise, stopping and evicting attackers from the network.

With the appearance of modern attackers like Nobelium, we have seen identity compromise scenarios taken to the next level - extending across the organization’s on-prem network and cloud environment.