Defender for Identity
Defender for Identity (formerly Azure ATP) protects on-premises Active Directory environments by detecting credential theft, lateral movement, reconnaissance, and ransomware behavior on AD. It bridges hybrid identity (cloud + on-prem) for unified threat detection.
AD Threat Detection
Pass-the-hash, golden ticket, DCSync, reconnaissance.
Lateral Movement
Detect attackers moving across the domain.
Real-time
Alerts within minutes of suspicious activity.
XDR Integration
Part of Defender XDR for unified incident view.
Licensing
Per User · Standalone or in M365 E5
- 1 year
Who is this for?
Frequently Asked Questions
Defender for Identity protects on-premises AD specifically. Cloud-only Entra ID has its own protection (Entra ID Protection in P2). Hybrid deployments benefit most from Defender for Identity.
Xen Bilişim Deployment Process
1. Discovery & sizing: Current environment, user count, OS/cloud distribution and compliance requirements analysed; correct SKU and licence count proposed.
2. Pilot deployment: A 10-25 device subset goes live; integration with existing security stack tested; alerting + reporting configured.
3. Full rollout: Phased rollout across all endpoints; policy templates applied; user training and IT runbook delivered.
4. Optimisation & follow-up: 90-day post-launch tuning: false-positive triage, policy hardening, KPI review and quarterly health-checks.
Typical end-to-end timeline: 2-4 weeks (varies by user count and integration scope).