Honeytoken account suspicious activities.
Brute force attempts (now also detected via AD FS).Reconnaissance by targeted entity attributes.Resource access and suspicious activities.What specific capabilities are provided by Microsoft Defender for Identity and integration with Microsoft 365 Security? Note the features below for detecting compromise and preventing lateral movement. Specific capabilities of Microsoft Defender for Identity Service account / Group Managed Service Account (read-only).Network ports-443 (outbound), DNS, NetLogon, RADIUS (internal) and NTLM, NetBIOS, and RDP on devices for Name Resolution.Server support-Windows Server 2008 R2 SP1 and higher.You can think of the sensor as the Microsoft Defender for Identity "agent." The requirements for it include the following: Microsoft Defender for Identity architecture Sensor requirements