Microsoft Defender for Identity

Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organisation. Azure AD Identity Protection automates the detection and remediation of identity-based risks in your cloud-based Azure AD.

Help protect on-premises identities with cloud intelligence

Help prevent attacks

Help security operations teams identify configuration vulnerabilities and get recommendations for resolving them with Microsoft Defender for Identity. Identity security posture assessments are displayed in Microsoft Secure Score for increased visibility.

Detect suspicious activities

Use real-time analytics and data intelligence with Microsoft Defender for Identity to prioritise and surface real threats. Frequent updates are delivered directly from the cloud to help you detect incidents as soon as possible.

Investigate risky behavior

Prioritise the riskiest users in your organisation with a user investigation priority score based on observed behavior and number of prior incidents.

Hunt for threats

Help ensure efficient remediation by using Microsoft Defender for Identity data in advanced hunting queries. Correlate this data across email, endpoints, and apps to look for threats across your organisation using Microsoft 365 Defender.

Azure Active Directory Plans

Azure Active Directory Free

The free edition of Azure AD is included with a subscription of a commercial online service such as Azure, Dynamics 365, Intune, Power Platform, and others.

Cloud authentication

Federated authentication

Single sign-on (SSO) 

Multifactor authentication (MFA)

Passwordless (Windows Hello for Business, Microsoft Authenticator, FIDO2 security key integrations)

SaaS apps with modern authentication (Azure AD application gallery apps, SAML, and OAuth 2.0)

Secure hybrid access partnerships (Kerberos, NTLM, LDAP, RDP, and SSH authentication)

Role-based access control (RBAC)

User and group management

Directory synchronization—Azure AD Connect (sync and cloud sync)

Delegated administration—built-in roles

Global password protection and management – cloud-only users

Application launch portal (My Apps)

User application collections in My Apps

Self-service account management portal (My Account)

Self-service password change for cloud users included

Automated user provisioning to apps

Basic security and usage reports

Azure Active Directory for Office 365

Additional Azure AD features are included with Office 365 E1, E3, E5, F1, and F3 subscriptions.

Azure Active Directory Free capabilities


Self-service sign-in activity search and reporting

Azure Active Directory Premium P1

Azure AD Premium P1, included with Microsoft 365 E3

Azure Active Directory for Office 365 capabilities


Service-level agreement

Group assignment to applications

Cloud app discovery (Microsoft Defender for Cloud Apps)

Application Proxy for on-premises, header-based, and Integrated Windows Authentication

Conditional Access

SharePoint limited access

Session lifetime management 

Advanced group management (Dynamic groups, naming policies, expiration, default classification)

Azure AD Connect Health reporting

Global password protection and management – custom banned passwords, users synchronized from on-premises Active Directory

Microsoft Identity Manager user client access license (CAL)

Self-service password reset/change/unlock with on-premises write-back

Self-service group management (My Groups)

Automated group provisioning to apps

HR-driven provisioning

Terms of use attestation

Advanced security and usage reports

Azure Active Directory Premium P2

Azure AD Premium P2, included with Microsoft 365 E5

Azure Active Directory Premium P1 capabilities


Identity Protection (Risky sign-ins, risky users, risk-based conditional access)

Self-service entitlement management (My Access)

Access certifications and reviews

Entitlements management

Privileged Identity Management (PIM), just-in-time access

Identity Protection: vulnerabilities and risky accounts

Identity Protection: risk events investigation, SIEM connectivity