E-mmersion Microsoft Defender for Identity (MDI)

Our E-mmersion provides a hands-on, immersive learning experience designed to deepen your understanding of Microsoft Defender for Identity. Through interactive exercises and real-world scenarios, you will explore how MDI enhances identity security, detects advanced threats, and integrates seamlessly with other Microsoft security solutions. This lab empowers you to proactively safeguard your organization’s identity infrastructure against evolving cyber threats.

Welcome, objectives, and an overview of Microsoft Defender for Identity.

Access validation and a brief tour of the lab interface.

Participants will explore MDI capabilities in a controlled environment, analyzing security data, user activities, and risk indicators. They will also simulate attack scenarios like lateral movement, credential theft, and reconnaissance.

A review of real-time alerts will provide insights into detection logic, response strategies, and best practices for mitigating identity-based threats.

The session will end with a Q&A, key takeaways, and next steps. Participants can provide feedback and receive guidance on additional resources and future training opportunities.

By participating in this E-mmersion Experience, you will…

Practical Experience

Implement and manage Microsoft Defender for Identity sensors in a controlled environment.

Threat Detection and Analysis

Learn to identify anomalous behaviors and investigate real-time alerts using advanced MDI capabilities.

Attack Scenario Simulation

Engage in exercises simulating lateral movement and credential theft to better understand common attack vectors.

Identity protection in action

Real-world scenarios enhancing your security

User and IP address reconnaissance (SMB)

SMB enumeration on a domain controller triggers an alert, exposing SYSVOL access patterns that attackers use to track logins and move laterally.

Network Mapping Reconnaissance (DNS)

Attackers map networks via DNS reconnaissance; this alert detects unauthorized AXFR transfers and excessive queries.

Investigate a Reconnaissance & Discovery Alert

SMB enumeration on a domain controller triggers an alert, exposing SYSVOL access patterns that attackers use to track logins and move laterally.

Security Principal Reconnaissance (LDAP)

Defender for Identity detects LDAP reconnaissance, the initial phase of Kerberoasting attacks where attackers enumerate SPNs to obtain TGS tickets.

Suspected DCSync attack (replication of directory services)

If attackers have the DS-Replication-Get-Changes-All permission, they can replicate Active Directory data, triggering an alert if done from a non-domain controller.

Investigate a Credential Access Alert

MDI helps discover and analyze attacks, ensuring your environment’s security. Investigate credential access alerts to understand potential threats.

Suspicious connection over EFS Remote Protocol

MDI detects LDAP reconnaissance, often the first phase of a Kerberoasting attack, used to gather Service Principal Names (SPNs) for obtaining TGS tickets.

Investigate a Lateral Movement Alert

Microsoft Defender for Identity helps discover and analyze attacks, ensuring security. Investigate lateral movement alerts to understand threats.

Data Exfiltration Over SMB

This alert triggers when suspicious data transfers, like copying the ntds.dit file from a domain controller to a workstation, are detected.

Investigate Other Alerts

Microsoft Defender for Identity helps discover and analyze attacks, ensuring security. Investigate other alerts to understand potential threats.

  • This E-mmersion experience is designed for technical decision-makers and IT professionals to enhance their security posture using Microsoft Defender for Identity.
  • Gain practical experience in implementing and managing Microsoft Defender for Identity solutions to detect and respond to advanced threats targeting your organization.
  • Receive technical support and expert guidance throughout the entire E-mmersion experience.

How to get started?

Contact us to learn more
