Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organisation.
Does this information look incorrect or out-of-date? Please contact us at support@socos.io.
Please ensure you meet the license requirements for this feature, so that it is available and can provide alerts through the Microsoft Graph API.
Before proceeding, please make sure you have completed the prerequisites listed above.
Please follow the linked instructions in order to send alerts to SOC.OS via the Microsoft Graph API.
For more information on this method of integration, check out the Microsoft Graph API Overview.