What is the difference between Defender for Identity and Entra ID Protection?

Defender for Identity focuses on protecting on-premises Active Directory from advanced attacks and insider threats using domain controller sensors. Entra ID Protection (formerly Azure AD Identity Protection) focuses on cloud-based identity risks in Azure AD/Entra ID. For hybrid environments, using both provides comprehensive identity protection.

Do I need to install agents on every server?

No. Defender for Identity uses lightweight sensors installed only on domain controllers and AD FS servers. These sensors passively monitor network traffic without requiring agents on workstations or member servers.

Is Defender for Identity included in Microsoft 365 E5?

Yes, Defender for Identity is included in Microsoft 365 E5 and Enterprise Mobility + Security E5 licenses. It can also be purchased as a standalone license or as part of Microsoft Defender for Business.

How does Defender for Identity detect attacks?

Defender for Identity uses machine learning and behavioral analytics to establish baselines for normal user activity, then detects anomalies that could indicate an attack. It also uses signature-based detection for known attack patterns like pass-the-hash and Kerberoasting.

What network ports need to be open?

The Defender for Identity sensor requires outbound HTTPS (port 443) connectivity to the Defender for Identity cloud service. No inbound ports need to be opened from the internet.

Back to Software Store

Microsoft

Microsoft Defender for Identity

Name: Microsoft Defender for Identity
Brand: Microsoft

Protect your on-premises Active Directory from advanced targeted cyber-attacks and insider threats

Talk to Sales

Authorized Partner

Expert Deployment

Dedicated Support

Key Features

Advanced Threat Detection

Identify sophisticated attacks like pass-the-hash, pass-the-ticket, and golden ticket attacks using behavioral analytics and machine learning.

Lateral Movement Paths

Visualize potential attack paths through your network and identify accounts that could be used to access sensitive resources.

Compromised Credential Detection

Detect when user credentials have been stolen or compromised through brute force attacks, exposed passwords, or credential theft techniques.

Security Posture Assessment

Continuously assess your Active Directory configuration for security weaknesses and get actionable recommendations.

Microsoft Defender XDR Integration

Correlate identity signals with endpoint, email, and cloud app data for comprehensive cross-domain threat detection.

Real-time Monitoring

Monitor authentication and authorization activities in real-time with sensors installed on domain controllers.

Available Plans

Defender for Identity

Full identity threat protection for on-premises Active Directory environments. Includes advanced threat detection, lateral movement analysis, and compromised credential identification.

Watch Demo

Get Your Price

Tell us what you need and we'll send you a custom quote within 1 business day.

Why Get Microsoft Defender for Identity Through Inventive HQ?

Authorized Partner

We work with leading vendors to provide genuine, fully licensed software solutions.

Expert Deployment

Our team helps configure and deploy solutions tailored to your needs.

Ongoing Support

Dedicated account management and technical support when you need it.

Volume Licensing

Flexible licensing options tailored to your organization's size and needs.

“Inventive HQ made our software procurement painless. They handled deployment, licensing, and training — we were up and running in days, not weeks.”

James Mitchell

IT Director, Mid-Market Financial Services

Ideal For

Detecting Identity-Based Attacks

Identify when attackers are using compromised credentials, performing reconnaissance, or attempting to escalate privileges within your Active Directory environment.

Investigating Security Incidents

Use detailed attack timelines and entity profiles to understand the full scope of an incident and identify all affected users and systems.

Protecting Against Insider Threats

Detect anomalous behavior that could indicate a malicious insider or compromised employee account before sensitive data is accessed.

Securing Hybrid Environments

Protect identities across both on-premises Active Directory and Azure AD in hybrid deployments with coordinated threat detection.

About Microsoft Defender for Identity

Learn how Microsoft Defender for Identity from Microsoft can help transform your business operations.

What is Microsoft Defender for Identity?

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, Azure ATP) is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Key Capabilities

Identity threat detection - Defender for Identity monitors user behavior and activities to create a behavioral baseline, then uses machine learning to detect anomalies that could indicate an attack or compromise.

Attack timeline investigation - Security teams can view a clear timeline of all suspicious activities and related events, making it easier to understand the scope and impact of potential attacks.

Lateral movement path detection - Visualize how attackers could move through your network by exploiting compromised credentials and vulnerable systems to reach sensitive accounts.

Compromised credential detection - Identify when user credentials have been compromised through techniques like brute force attacks, exposed credentials, or pass-the-hash attacks.

How It Works

Defender for Identity uses sensors installed on your domain controllers to capture and parse network traffic for authentication, authorization, and information gathering. These sensors send data to the Defender for Identity cloud service for analysis.

The solution integrates with Microsoft Defender XDR to correlate identity signals with endpoint, email, and cloud app data for comprehensive threat detection across your entire digital estate.

Ideal For

Organizations using on-premises Active Directory
Security teams investigating identity-based attacks
Enterprises needing to detect lateral movement
Companies protecting against insider threats
Hybrid environments with Azure AD Connect

Frequently Asked Questions

Ready to Get Started with Microsoft Defender for Identity?

Let our experts help you deploy and configure Microsoft Defender for Identity for your organization. Get expert guidance and dedicated support.

Have Questions? Talk to Us

Microsoft Defender for Identity

Key Features

Advanced Threat Detection

Lateral Movement Paths

Compromised Credential Detection

Security Posture Assessment

Microsoft Defender XDR Integration

Real-time Monitoring

Available Plans

Defender for Identity

Get Your Price

Why Get Microsoft Defender for Identity Through Inventive HQ?

Authorized Partner

Expert Deployment

Ongoing Support

Volume Licensing

Ideal For

Detecting Identity-Based Attacks

Investigating Security Incidents

Protecting Against Insider Threats

Securing Hybrid Environments

About Microsoft Defender for Identity

What is Microsoft Defender for Identity?

Key Capabilities

How It Works

Ideal For

Frequently Asked Questions

Ready to Get Started with Microsoft Defender for Identity?

Similar Products

AvePoint Cloud Solutions

Axcient x360

BitTitan MigrationWiz