
Identity Summary: New Security Copilot skill within Defender XDR

by info.odysseyx@gmail.com


“Can you summarize Defender insights for this user over the last two days?” Microsoft’s latest innovation for Copilot for Security streamlines investigations for SOC teams with the new Identity Summary feature within Defender XDR.

Today, we are excited to share details about the new Identity Summary skill available in the Microsoft Defender XDR and Copilot for Security portals. This skill provides a natural language summary of user behavior anomalies and potential configuration errors. This blog highlights how the summary can help you uncover inconsistencies and security gaps so you can take timely action to strengthen your organization’s overall security posture.

The new Identity Summary is a powerful tool for security teams, providing a clear and comprehensive view of identities. This feature helps organizations quickly identify and resolve potential security issues by providing insight into identity behavior and misconfigurations.

Integrating this capability into your security practices will increase visibility into identity activity, strengthen your organization’s defenses, and help you respond to evolving cybersecurity threats.

To trigger this skill in the Defender experience, navigate to the Users page, and an identity summary will automatically appear in the left pane.

In the Copilot for Security portal, write a prompt that makes clear you are looking for security information. A prompt like “What can Defender tell you about _____________ over the last _______ days?” steers Copilot toward Defender data and triggers the skill to produce an identity summary.

The summary itself consists of several sections, which Copilot displays based on relevance. For example, if the investigation does not find any failed login events, that section will be omitted. The image below provides some examples of potential Identity summaries.

Here are two examples of ID summaries that appear in Defender XDR.

Key features of the identity summary:

Within the Defender XDR portal, the identity summary covers the last 30 days, while the Copilot for Security portal can pull in insights going back up to 120 days, depending on the investigation.

Here’s a full list of insights you can find in the summary:

  1. Login location: Security Copilot draws insights from the user’s login data, comparing reported and actual locations to highlight inconsistencies that could indicate potential security threats or misconfigurations. It also flags concurrent logins from distant locations that could indicate misuse of credentials or real-world security issues worth investigating.
  2. Role changes: This section tracks changes in role assignments and analyzes their relevance to the user’s job and department, identifying inappropriate permissions or suspicious activity. Copilot also analyzes the frequency of changes to provide deeper insight into appropriate permission levels and potentially suspicious activity.
  3. Devices: You can view a list of Intune-managed devices associated with the user, which may include details about enrollment status and compliance. You can also view a list of devices the user has logged in to, which can help you identify unfamiliar, potentially unmanaged, or unauthorized devices. This section of the summary is intended to complement, not replace, the Intune Device Summary. While the Intune Device Summary provides an in-depth view of a single device, this section of the Identity Summary provides a broader, user-centric view of all of a user’s device usage.
  4. Failed login attempts: Copilot flags failed login attempts in their own section for easier investigation.
  5. Authentication: Here you can see details about the authentication methods the user uses to access applications. This can help you identify potential security gaps, such as missing multi-factor authentication.
  6. Contact information: The summary contains essential contact information for the identity and its administrator. This facilitates quick communication and allows for follow-up if anomalies or issues raised in the previous sections of the identity summary need to be addressed.

Microsoft Defender for Identity asks you to provide feedback on your experience with Identity Summary. Your feedback, including feature requests, will be passed directly to product managers and relevant engineers to help improve and enhance the tool.


*Screenshots do not correspond to actual identity identifiers or data.*




