Microsoft Defender for Identity Gets New Okta Integration to Combat Identity-Based Attacks

Seamless integration offers enhanced visibility and protection against identity-based threats.

Key Takeaways:

  • Microsoft Defender for Identity now integrates with Okta to enhance identity threat detection.
  • Security teams gain deeper insights using Okta’s sign-in and user behavior data.
  • Setup requires specific Okta roles, API tokens, and configuration via the Microsoft Defender Portal.

Microsoft is strengthening identity protection by integrating Okta with its Defender for Identity solution, creating a more unified and proactive defense against identity-based threats. This integration enables security teams to detect and respond more quickly by leveraging Okta’s rich identity signals within Microsoft Defender for Identity.

Microsoft Defender for Identity is a cloud-based security solution designed to protect enterprise customers against advanced threats. It monitors and analyzes user activities and behaviours across on-premises Active Directory environments. The service uses signals such as authentication patterns, permissions, and network traffic to detect suspicious actions, including lateral movement, privilege escalation, and domain dominance attempts.

“Okta manages how users and customers sign in and get access to key systems. Since it plays a central role in identity and access management, any compromise, whether accidental or intentional, can lead to serious security risks. By integrating Microsoft Defender for Identity with Okta, you gain stronger identity protection,” Microsoft explained.

Key capabilities

This new Okta integration allows Microsoft Defender for Identity to monitor sign-in activity, including login times, IP addresses, device types, and geographic locations. Moreover, it uses machine learning and behaviour analytics to detect logins from unexpected locations, unusual times, and multiple failed login attempts. Microsoft Defender for Identity can also detect threats from compromised or misused identities.

Additionally, Microsoft Defender can now identify risks like suspicious role assignments or unused high-privileged accounts. Security teams can use Okta data to gain actionable insights to enhance the security posture of their organization.

Prerequisites

To integrate Okta with Microsoft Defender for Identity, organizations must have a Developer or Enterprise license. Administrators will need to create a dedicated Okta account for integration and then generate an API token in Okta that will be used in Microsoft Defender for Identity. They will also need to add custom user attributes in Okta, create a custom Okta role with limited permissions, and then connect Okta to Defender for Identity via the Microsoft Defender Portal.

Earlier this year, Microsoft announced that Defender for Identity now provides integration with popular Privileged Access Management (PAM) solutions. This new feature helps security teams enhance detection and response capabilities for privileged identities.