Defender for Identity entity tags
Implementation Effort: Low: Customer IT and Security Operations teams need to drive projects to manually tag entities and configure settings in Microsoft Defender XDR.
User Impact: Low: Action can be taken by administrators, and users don’t have to be notified.
Overview
This documentation explains how to apply entity tags in Microsoft Defender for Identity, including tags for sensitive accounts, Exchange servers, and honeytoken accounts. These tags are crucial for detections that rely on an entity's sensitivity status, such as sensitive group modification detections and lateral movement paths, fitting into the Zero Trust framework by enhancing security monitoring and response capabilities.