Alliant Information Technology
858.635.4355

Microsoft Defender - formerly Advanced Threat Protection (ATP)
Alliant International University utilizes Microsoft Defender tools to assist in the protection of user accounts and associated data.

What is Microsoft Defender for Identity?
Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Defender for Identity enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
  • Monitor users, entity behavior, and activities with learning-based analytics
  • Protect user identities and credentials stored in Active Directory
  • Identify and investigate suspicious user activities and advanced attacks throughout the kill chain
  • Provide clear incident information on a simple timeline for fast triage

Monitor and profile user behavior and activities
Defender for Identity monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user. Defender for Identity then identifies anomalies with adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization. Defender for Identity's proprietary sensors monitor organizational domain controllers, providing a comprehensive view for all user activities from every device.

Protect user identities and reduce the attack surface
Defender for Identity provides invaluable insights into identity configurations and suggested security best practices. Through security reports and user profile analytics, Defender for Identity helps dramatically reduce your organizational attack surface, making it harder to compromise user credentials and advance an attack. Defender for Identity's visual Lateral Movement Paths help you quickly understand exactly how an attacker can move laterally inside your organization to compromise sensitive accounts, and assist in preventing those risks in advance. Defender for Identity security reports help you identify users and devices that authenticate using clear-text passwords and provide additional insights to improve your organizational security posture and policies.

Identify suspicious activities and advanced attacks across the cyber-attack kill-chain
Typically, attacks are launched against any accessible entity, such as a low-privileged user, and then quickly move laterally until the attacker gains access to valuable assets – such as sensitive accounts, domain administrators, and highly sensitive data. Defender for Identity identifies these advanced threats at the source throughout the entire cyber-attack kill chain:

Reconnaissance
Identify rogue users and attackers' attempts to gain information. Attackers are searching for information about user names, users' group membership, IP addresses assigned to devices, resources, and more, using a variety of methods.

Compromised credentials
Identify attempts to compromise user credentials using brute force attacks, failed authentications, user group membership changes, and other methods.

Lateral movements
Detect attempts to move laterally inside the network to gain further control of sensitive users, utilizing methods such as Pass the Ticket, Pass the Hash, Overpass the Hash and more.

Domain dominance
Highlight attacker behavior if domain dominance is achieved, through remote code execution on the domain controller, and methods such as DC Shadow, malicious domain controller replication, Golden Ticket activities, and more.

Investigate alerts and user activities
Defender for Identity is designed to reduce general alert noise, providing only relevant, important security alerts in a simple, real-time organizational attack timeline. The Defender for Identity attack timeline view allows you to easily stay focused on what matters, leveraging the intelligence of smart analytics. Use Defender for Identity to quickly investigate threats and gain insights across the organization for users, devices, and network resources. Seamless integration with Microsoft Defender for Endpoint provides another layer of enhanced security through additional detection and protection against advanced persistent threats on the operating system.

ithelp.alliant.edu is property of Alliant International University


Contact the IT Helpdesk at:
support@alliant.edu
858.635.4355