This blog was co-authored by Alex Weinert, VP Identity Security and Ramya Chitrakar, CVP Apps and Identity.

Chances are you’ve heard the phrase “attackers don’t break in, they log in.” Identities have evolved to be the most targeted asset, because they enable cyber criminals to move and operate across environments to achieve their goals. In 2023, identity-based attacks reached a record-high with 30 billion attempted password attacks each month, as cyber-criminals capitalize on the smallest misconfigurations and gaps in your identity protection.  

As customers have applied MFA, device compliance, and other Zero Trust core principles to their identity environments, attackers have shifted to attacking the identity infrastructure itself. While it is critical to protect all identities – identifying, preventing, detecting and responding to attacks on the Identity admins, apps, and services that provide the foundation of your Zero Trust platform is more critical than ever. That’s why it’s critical for organizations to build a holistic approach to defend their identity estate across both - on-prem infrastructure and cloud identities - by making Identity Threat Detection and Response (ITDR) a cornerstone of their defense strategy. KuppingerCole defines ITDR as a class of security solutions designed to proactively detect, investigate, and respond to identity-related threats and vulnerabilities in an organization's IT environment. 

Today we are thrilled to announce that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass Identity Threat Detection and Response: IAM Meets the SOC. The report calls out our strengths across key capabilities ranging from identity posture to remediation, while further highlighting Microsoft’s commitment to protecting all organizations. VP KuppingerCole US and Global Head of Research Strategy Mike Neuenschwander states that “Microsoft’s approach to ITDR is refreshingly open, including integration with other cloud identity platforms such as AWS, Google Cloud, and Okta.”.  

Figure 1: ITDR Leadership compass with Microsoft as a leader

Streamline your identity protection with ITDR and generative AI  

At Microsoft, we look at ITDR as a set of capabilities at the intersection of Identity and Access Management (IAM) and Extended Detection and Response (XDR). Designed to break down organizational silos and optimize collaboration and effectiveness of identity and SOC teams, we built a seamless integration between Microsoft Entra ID and Microsoft Defender XDR that empowers organizations to reinforce their security boundary with complete protection across their hybrid identity landscape.  Further, generative AI in the form of Microsoft Copilot for Security is embedded across all security and IT professionals respond to cyber threats, process signals, and assess risk exposure at the speed and scale of AI. 

As organizations begin to implement their ITDR strategies, they should consider 4 key areas: 

• Enforce secure, adaptive access: Adopting a comprehensive, defense-in-depth strategy that spans identities, endpoints, and networks is the starting point of any ITDR initiative. Implementing consistent identity and network access policies from a single unified engine across public and private networks is critical to protecting identities and securing access to resources. The Zero Trust Network Access model of Microsoft Entra Private Access enables secure connectivity to private resources from Windows, iOS, Mac, and Android operating systems and across any port and protocol, including SMB, RDP, FTP, SSH, SAP, printing, and all other TCP/UDP based protocols to significantly reduce the risk of potential breaches. Using advanced user and entity behavioral analytics (UEBA) in Microsoft Entra ID Protection, Conditional Access policies make real-time access decisions based on contextual factors such as user, device, location, network, and real-time risk information to control what a specific user can access and how and when they have access seamlessly across on-premises and cloud environments. Analyze risk signals in real time and automatically block access or prompt re-authentication, like MFA, to stop suspicious activity in real time and before a breach occurs.  

• Proactively protect your on-premises resources and harden your identity posture: Misconfigurations in identity infrastructure, permissions, or access controls are the Achillies’ heel of identity security. All it takes is one compromised user account, infected device, or an open port for an attacker to access and laterally move anywhere inside your network. These breaches-waiting-to-happen can have far-reaching consequences as Identities have become an integral part of almost every element of modern security practices. Microsoft provides , identity-specific posture recommendations spanning on-premises Active Directory environments, Microsoft Entra ID deployments and even other common identity solutions all within the context of a broader security posture score. 

• Disrupt and remediate identity threats at machine speed: Automatic attack disruption is an out-of-the-box capability in Defender XDR that stops the progression and limits the impact of some of the most sophisticated attacks that involve identity compromise. Using the significant breadth of our signals, it not only disrupts ongoing attacks but accurately predicts the attacker’s next move and proactively blocks it with 99% confidence. Ransomware campaigns are now disrupted within an average of 3 minutes. Our powerful capabilities support identity-involved attacks like business email compromise, adversary-in-the-middle, and can even disrupt Ransomware campaigns within an average of 3 minutes. 

• Augment your security teams with generative AI: Microsoft Copilot for Security is the first generative AI security product to help protect organizations at machine speed and scale. Copilot for Security is an AI assistant for security teams that builds on the latest in large language models. Copilot is native within the existing Entra and Defender experiences, helping identity and SOC teams prioritize, understand and act upon identity risks and security incidents with step-by-step recommendations in seconds.  

As the sophistication and prevalence of identity-based attacks continue to grow, ITDR is becoming increasingly critical to modern cybersecurity and we are excited to see KuppingerCole highlight this in their latest report. Looking forward, we will continue to integrate our industry-leading solution and AI capabilities to help our customers future-proof their defenses and stay resilient against evolving cyberthreats in the workforce identity space. 

​​To learn more about Microsoft’s ITDR solution visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.