Red Canary can integrate with Microsoft Defender for Identity. This integration provides visibility into the identity dimension of a confirmed threat and enables you to respond to threats quickly and comprehensively. Red Canary uses a single integration with the Microsoft Graph API to collect alerts from both workloads: Defender for Identity and Azure AD Identity Protection.
How are these capabilities activated in Microsoft?
Defender for Identity
Defender for Identity is a standalone sensor that is deployed on your self-managed Active Directory Domain Controllers. To get started, see Microsoft’s Prerequisites and Installation instructions.
Azure AD Identity Protection
If you have the appropriate license, get started by configuring risk policies in your Azure portal.