
Microsoft Defender for Identity
Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organisation. Azure AD Identity Protection complements it by automating the detection and remediation of identity-based risks in your cloud-based Azure AD.
Help protect on-premises identities with cloud intelligence
Help prevent attacks
Help security operations teams identify configuration vulnerabilities and get recommendations for resolving them with Microsoft Defender for Identity. Identity security posture assessments are displayed in Microsoft Secure Score for increased visibility.
Detect suspicious activities
Use real-time analytics and data intelligence with Microsoft Defender for Identity to prioritise and surface real threats. Frequent updates are delivered directly from the cloud to help you detect incidents as soon as possible.
Investigate risky behavior
Prioritise the riskiest users in your organisation with a user investigation priority score based on observed behavior and number of prior incidents.
Hunt for threats
Help ensure efficient remediation by using Microsoft Defender for Identity data in advanced hunting queries. Correlate this data across email, endpoints, and apps to look for threats across your organisation using Microsoft 365 Defender.
Azure Active Directory Plans
Azure Active Directory Free
The free edition of Azure AD is included with a subscription of a commercial online service such as Azure, Dynamics 365, Intune, Power Platform, and others.
Cloud authentication
Federated authentication
Single sign-on (SSO)
Multifactor authentication (MFA)
Passwordless (Windows Hello for Business, Microsoft Authenticator, FIDO2 security key integrations)
SaaS apps with modern authentication (Azure AD application gallery apps, SAML, and OAuth 2.0)
Secure hybrid access partnerships (Kerberos, NTLM, LDAP, RDP, and SSH authentication)
Role-based access control (RBAC)
User and group management
Directory synchronization: Azure AD Connect (sync and cloud sync)
Delegated administration: built-in roles
Global password protection and management: cloud-only users
Application launch portal (My Apps)
User application collections in My Apps
Self-service account management portal (My Account)
Self-service password change for cloud users included
Automated user provisioning to apps
Basic security and usage reports
Azure Active Directory for Office 365
Additional Azure AD features are included with Office 365 E1, E3, E5, F1, and F3 subscriptions.
Azure Active Directory Free capabilities
---plus---
Self-service sign-in activity search and reporting
Azure Active Directory Premium P1
Azure AD Premium P1, included with Microsoft 365 E3
Azure Active Directory for Office 365 capabilities
---plus---
Service-level agreement
Group assignment to applications
Cloud app discovery (Microsoft Defender for Cloud Apps)
Application Proxy for on-premises, header-based, and Integrated Windows Authentication
Conditional Access
SharePoint limited access
Session lifetime management
Advanced group management (Dynamic groups, naming policies, expiration, default classification)
Azure AD Connect Health reporting
Global password protection and management: custom banned passwords, users synchronized from on-premises Active Directory
Microsoft Identity Manager user client access license (CAL)
Self-service password reset/change/unlock with on-premises write-back
Self-service group management (My Groups)
Automated group provisioning to apps
HR-driven provisioning
Terms of use attestation
Advanced security and usage reports
Azure Active Directory Premium P2
Azure AD Premium P2, included with Microsoft 365 E5
Azure Active Directory Premium P1 capabilities
---plus---
Identity Protection (Risky sign-ins, risky users, risk-based conditional access)
Self-service entitlement management (My Access)
Access certifications and reviews
Entitlements management
Privileged Identity Management (PIM), just-in-time access
Identity Protection: vulnerabilities and risky accounts
Identity Protection: risk events investigation, SIEM connectivity