ITDR
Sophos ITDR (Identity Threat Detection and Response) is software that helps improve your security posture by continuously monitoring your Microsoft Entra ID tenants for identity risks and misconfigurations, while providing dark web intelligence on compromised credentials. With ITDR, you receive a list of prioritized findings and an Identity Risk Posture score based on your current exposures within minutes of setup.
Note
ITDR is currently in the Early Access Program and not available to all customers. It's supported in Germany, Ireland, and the US.
To see ITDR, sign in to Sophos Central and go to My Products > Identity.
What is an identity?
An identity is a collection of unique identifiers that allow a computer to identify an entity, such as a person, organization, software program, or another computer.
ITDR includes the following active identities:
- Human identities: Represent users, such as employees, guests, or vendors.
- Machine or non-human identities (NHI): Represent entities such as applications, service principals, service accounts, machines, and any other identities that are used to authenticate and authorize access to resources or perform transactions between systems.
For more information, see My Environment.
What are findings?
A finding is the output of a posture check performed by ITDR. Findings have an associated risk level that you use to prioritize which to address first. Find an overview of the top findings with the highest risk on the Identity Risk Posture Overview page, a full table of findings on the Findings page, and findings related to a specific identity on Identity Details pages. For more information, see Findings.
Configure ITDR
After your ITDR license has been activated, click My Products > Identity > Settings to start configuring the identity provider integration with Microsoft Entra ID. Follow the steps within the interface to complete the integration and begin using ITDR. For integration setup instructions, see ITDR integration guide.