The New Shiny Identity Inventory in Defender XDR


The new Identity Inventory in Defender XDR offers a centralized view of all identities within an organization, enabling efficient monitoring and management. This feature provides key details such as Domain, Tags, Type, and other attributes, allowing quick identification and management of identities that require attention.

The Identities inventory page includes the following tabs:

  • Identities: A consolidated view of identities across Active Directory and Entra ID, highlighting key details like identity types and user information.
  • Cloud Application Accounts: Displays a list of cloud application accounts, including those from application connectors and third-party sources.

You Should Know:

To leverage the Identity Inventory in Defender XDR, follow these steps:

1. Access Defender XDR Portal:

  • Open your browser and navigate to the Defender XDR portal.
  • Log in with your admin credentials.

2. Navigate to Identity Inventory:

  • In the left-hand menu, click on “Identity Inventory” under the “Assets” section.

3. View Identities:

  • On the Identities tab, you can see a list of all identities.
  • Use filters to sort by Domain, Tags, or Type.

4. Manage Cloud Application Accounts:

  • Switch to the “Cloud Application Accounts” tab to view and manage cloud-based identities.
  • Click on any account to see detailed information and take necessary actions.

5. Export Data:

  • To export the identity data, click on the “Export” button at the top right corner.
  • Choose the format (CSV or JSON) and save the file to your local machine.

Practice Verified Commands and Steps:

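  • PowerShell Command to List Identities:

    Get-MsolUser -All | Select-Object UserPrincipalName, DisplayName, Department

    This command retrieves all users in your Azure AD (now Microsoft Entra ID) tenant and displays their UserPrincipalName, DisplayName, and Department. The cmdlet belongs to the MSOnline module, which Microsoft has deprecated in favor of Microsoft Graph PowerShell, and it needs an authenticated session before it returns anything.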

  • PowerShell Command to Export Identities:

    Get-MsolUser -All | Export-Csv -Path "C:\Identities.csv" -NoTypeInformation

    This command exports all user identities, with all of their properties, to a CSV file.

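  • Linux Command to Check Active Directory Connectivity:

    ldapsearch -x -H ldaps://yourdomaincontroller.com -b "dc=yourdomain,dc=com" -D "cn=admin,dc=yourdomain,dc=com" -W

    This command checks connectivity to your Active Directory and lists all entries under the base DN. It connects over LDAPS and prompts for the bind password (-W), so the password is not sent in cleartext or left in shell history and the process list.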

  • Windows Command to Verify Domain Connectivity:

    nslookup yourdomain.com

    This command verifies DNS resolution for your domain.
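
A cross-check of the two exports described above (the portal's Identity Inventory CSV and the Get-MsolUser CSV), as an added example that is not part of the original post or any Microsoft tooling: it reports identities that appear in one export but not the other. The inventory column names (UPN, Type, Tags) and the sample rows are assumptions; match them to the header row of your actual export.

```powershell
# Added example. The inventory column name 'UPN' and the 'Type'/'Tags' columns
# are assumptions; match them to the header row of your actual portal export.
function Compare-IdentityExport {
    param(
        [Parameter(Mandatory)] [object[]] $Directory,  # rows from the Get-MsolUser CSV
        [Parameter(Mandatory)] [object[]] $Inventory,  # rows from the portal CSV
        [string] $DirectoryKey = 'UserPrincipalName',
        [string] $InventoryKey = 'UPN'
    )
    # Index each side by trimmed, lower-cased UPN so case or whitespace
    # differences between the two exports do not show up as drift.
    $index = @{ Directory = @{}; Inventory = @{} }
    foreach ($row in $Directory) {
        $k = ([string]$row.$DirectoryKey).Trim().ToLowerInvariant()
        if ($k) { $index.Directory[$k] = $row }
    }
    foreach ($row in $Inventory) {
        $k = ([string]$row.$InventoryKey).Trim().ToLowerInvariant()
        if ($k) { $index.Inventory[$k] = $row }   # rows without a UPN are skipped
    }
    # Accounts the directory export contains but the inventory does not list.
    foreach ($k in $index.Directory.Keys) {
        if (-not $index.Inventory.ContainsKey($k)) {
            [pscustomobject]@{ Identity = $k; Finding = 'DirectoryOnly'; Type = $null; Tags = $null }
        }
    }
    # Accounts the inventory lists that the directory export lacks.
    foreach ($k in $index.Inventory.Keys) {
        if (-not $index.Directory.ContainsKey($k)) {
            $r = $index.Inventory[$k]
            [pscustomobject]@{ Identity = $k; Finding = 'InventoryOnly'; Type = $r.Type; Tags = $r.Tags }
        }
    }
}

# Constructed sample rows standing in for the two CSV files.
$directory = @'
UserPrincipalName,DisplayName,Department
Alice@contoso.example,Alice Example,Finance
bob@contoso.example,Bob Example,IT
'@ | ConvertFrom-Csv

$inventory = @'
UPN,Domain,Type,Tags
alice@contoso.example,contoso.example,User,
svc-backup@contoso.example,contoso.example,Service account,Sensitive
'@ | ConvertFrom-Csv

Compare-IdentityExport -Directory $directory -Inventory $inventory | Format-Table -AutoSize
```

For real data, replace the two sample tables with Import-Csv on the exported files.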

What Undercode Say:

The Identity Inventory in Defender XDR is a powerful tool for managing and monitoring identities across your organization. By centralizing identity information, it simplifies the process of identifying and addressing potential security issues. The integration with Active Directory and Entra ID ensures that you have a comprehensive view of all identities, both on-premises and in the cloud. The ability to export data and use PowerShell commands further enhances its utility, making it an essential component of any cybersecurity strategy. For more detailed information, visit the official documentation.

References:

Reported By: Markolauren Defenderxdr – Hackers Feeds