跳到主要內容

Defender for Identity entity tags

Implementation Effort: Low: Customer IT and Security Operations teams need to drive projects to manually tag entities and configure settings in Microsoft Defender XDR.

User Impact: Low: Action can be taken by administrators, and users don’t have to be notified.

Overview

This documentation explains how to apply entity tags in Microsoft Defender for Identity, including tags for sensitive accounts, Exchange servers, and honeytoken accounts. These tags are crucial for detections that rely on an entity's sensitivity status, such as sensitive group modification detections and lateral movement paths, fitting into the Zero Trust framework by enhancing security monitoring and response capabilities.

Reference

Defender for Identity entity tags in Microsoft Defender XDR