| Attribute | Value |
|---|---|
| Connector ID | AzureAdvancedThreatProtection |
| Publisher | Microsoft |
| Used in Solutions | Microsoft Defender for Identity |
| Collection Method | Unknown |
| Connector Definition Files | MicrosoftDefenderforIdentity.JSON |
| Microsoft Learn | View on Learn |
Connect Microsoft Defender for Identity to gain visibility into the events and user analytics. Microsoft Defender for Identity identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Microsoft Defender for Identity enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
- Monitor users, entity behavior, and activities with learning-based analytics
- Protect user identities and credentials stored in Active Directory
- Identify and investigate suspicious user activities and advanced attacks throughout the kill chain
- Provide clear incident information on a simple timeline for fast triage
For more information, see the Microsoft Sentinel documentation.
This connector ingests data into the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| SecurityAlert | ProductName == "Azure Advanced Threat Protection" | ✓ | ✗ | ✓ |
Resource Provider Permissions:
Licenses:
Tenant Permissions: Requires SecurityAdmin, GlobalAdmin on the workspace's tenant
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect Microsoft Defender for Identity to Microsoft Sentinel
If your tenant is running Microsoft Defender for Identity in Microsoft Defender for Cloud Apps, connect here to stream your Microsoft Defender for Identity alerts into Microsoft Sentinel.
To integrate with Microsoft Defender for Identity alerts, use an account with global administrator or security administrator permission.