|
| 1 | +--- |
| 2 | +# Required metadata |
| 3 | +# For more information, see https://review.learn.microsoft.com/en-us/help/platform/learn-editor-add-metadata?branch=main |
| 4 | +# For valid values of ms.service, ms.prod, and ms.topic, see https://review.learn.microsoft.com/en-us/help/platform/metadata-taxonomies?branch=main |
| 5 | + |
| 6 | +title: Identity inventory |
| 7 | +description: The Identity Inventory provides a centralized location for customers to view and manage identity information across their environment, ensuring optimal visibility and a comprehensive experience. The updated Identities Inventory page, located under Assets in Defender XDR portal |
| 8 | +author: LiorShapiraa # GitHub alias |
| 9 | +ms.author: liorshapira |
| 10 | +ms.service: microsoft-defender-for-identity |
| 11 | +ms.topic: article |
| 12 | +ms.date: 03/13/2025 |
| 13 | +--- |
| 14 | + |
| 15 | +# Identity inventory |
| 16 | + |
| 17 | +__Applies to:__ |
| 18 | + |
| 19 | +- [Microsoft Defender for Identity](https://aka.ms/aatp/docs) |
| 20 | + |
| 21 | +- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/) |
| 22 | + |
| 23 | +- [Microsoft Defender XDR](/defender-xdr) |
| 24 | + |
| 25 | +The __Identity inventory__ provides a centralized view of all identities in your organization, enabling you to monitor and manage them efficiently. At a glance, you can see key details such as Domain, Tags, Type, and other attributes, helping you quickly identify and manage identities that require attention. |
| 26 | + |
| 27 | +The Identities inventory page includes the following tabs: |
| 28 | + |
| 29 | +- **Identities**: A consolidated view of identities across Active Directory, Entra ID. This Identities tab highlights key details, including identity types, and user's information. |
| 30 | + |
| 31 | +- **Cloud application accounts:** Displays a list of cloud application accounts, including those from application connectors and third-party sources (original available in the previous version based on Microsoft Defender for Cloud Apps). Learn more about [Cloud application accounts from connected apps.](/defender-cloud-apps/accounts) |
| 32 | + |
| 33 | +There are several options you can choose from to customize the identities list view. On the top navigation you can: |
| 34 | + |
| 35 | +- Add or remove columns. |
| 36 | + |
| 37 | +- Apply filters. |
| 38 | + |
| 39 | +- Search for an identity by name or full UPN, Sid and Object ID. |
| 40 | + |
| 41 | +- Export the list to a CSV file. |
| 42 | + |
| 43 | +- Copy list link with the included filters configured. |
| 44 | + |
| 45 | +##  |
| 46 | + |
| 47 | +### Identity details |
| 48 | + |
| 49 | +The **Identities** list offers a consolidated view of identities across Active Directory and Entra ID. It highlights key details, including the following columns by default: |
| 50 | + |
| 51 | +- __Display name__ – The full name of the identity as shown in the directory. |
| 52 | + |
| 53 | +- __SID__ – The Security Identifier, a unique value used to identify the identity in Active Directory. |
| 54 | + |
| 55 | +- __Domain__ – The Active Directory domain to which the identity belongs. |
| 56 | + |
| 57 | +- __Object ID__ – A unique identifier for the identity in Entra ID. |
| 58 | + |
| 59 | +- __Source__ – Indicates whether the identity is on-premises (originate from Active Directory), Cloud only (Entra ID) or Hybrid (synced from AD to Entra ID). |
| 60 | + |
| 61 | +- __Type__ – Specifies if the identity is a user account or service account. |
| 62 | + |
| 63 | +- __UPN (User Principal Name)__ – The unique login name of the identity in an email-like format. |
| 64 | + |
| 65 | +- __Tags__ – Custom labels that help categorize or classify identities: Sensitive and Honeytoken. |
| 66 | + |
| 67 | +- __Created time__ – The timestamp when the identity was first created. |
| 68 | + |
| 69 | +- __Criticality level__ – Indicates the critical level of the identity. |
| 70 | + |
| 71 | +- __Account status__ – Shows whether the identity is enabled or disabled. |
| 72 | + |
| 73 | +- __Last updated__ – The timestamp of the most recent update to the identity's attributes in Active Directory. |
| 74 | + |
| 75 | +Non-default columns: Email and Entra ID risk level. |
| 76 | + |
| 77 | +> [!TIP] |
| 78 | +> To see all columns, you likely need to do one or more of the following steps: |
| 79 | +> - Horizontally scroll in your web browser. |
| 80 | +> - Narrow the width of appropriate columns. |
| 81 | +> - Zoom out in your web browser. |
| 82 | +
|
| 83 | +### Sort and filter the Identities list |
| 84 | + |
| 85 | +You can apply the following filters to limit the list of identities and get a more focused view: |
| 86 | + |
| 87 | +- Domain |
| 88 | + |
| 89 | +- Type |
| 90 | + |
| 91 | +- Source |
| 92 | + |
| 93 | +- Tags |
| 94 | + |
| 95 | +- Criticality level |
| 96 | + |
| 97 | +- Account status |
| 98 | + |
| 99 | +Sort option applies to Display name, Domain and Created time columns. |
| 100 | + |
| 101 | +### Identity inventory insights |
| 102 | + |
| 103 | +- The __Classify critical assets__ card allows you to define identity groups as business critical. For more information, see [Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management). |
| 104 | + |
| 105 | +- **Highly privileged identities** card helps you investigate in Advanced hunting all sensitive accounts in your organization, including Entra ID security administrators and Global admin users. |
| 106 | + |
| 107 | +- **Critical Active Directory service accounts** card helps you quickly identify all Active Directory accounts designated as critical, making it easier to focus on identities most at risk. |
| 108 | + |
| 109 | +At the top of each device inventory tab, the following device counts are available: |
| 110 | + |
| 111 | +- __Total__: The total number of identities. |
| 112 | + |
| 113 | +- __Critical:__ The number of your critical assets. |
| 114 | + |
| 115 | +- **Disabled:** The number of all disabled identities in your organization. |
| 116 | + |
| 117 | +- **Services:** The number of all service accounts both on-premises and cloud. |
| 118 | + |
| 119 | +You can use this information to help you prioritize devices for security posture improvements. |
| 120 | + |
| 121 | +### Navigate to the Identity inventory page |
| 122 | + |
| 123 | +Use relative links instead of absolute links. |
| 124 | +In the Defender XDR portal at [https://security.microsoft.com](https://security.microsoft.com), go to Assets > Identities. Or, to navigate directly to the [identity inventory](/defender-for-identity/identity-inventory) page. |
| 125 | + |
| 126 | +### Related Articles |
| 127 | + |
| 128 | +- [Investigate cloud application accounts](/defender-cloud-apps/accounts) |
| 129 | + |
| 130 | +- [Investigate users in Microsoft Defender XDR](/defender-xdr/investigate-users) |
| 131 | + |
| 132 | +- [Investigate assets in Microsoft Defender for Identity](/defender-for-identity/investigate-assets) |
| 133 | + |
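Review bot: The text under "Identity inventory insights" at new lines 109 and 119 says "device inventory tab", "device counts" and "prioritize devices" on a page about identities, so the counts list and its closing sentence should refer to identities instead. At line 123, "Use relative links instead of absolute links." is an authoring instruction that will render as body text and should be deleted. The sentence after it on line 124 ("Or, to navigate directly to the ...") is a fragment, and the link to https://security.microsoft.com there is itself absolute. Line 45 is an empty "## " heading, so the H1 is followed directly by H3 sections; give it a title or remove it and promote the H3s. The description on line 7 ends mid-sentence at "located under Assets in Defender XDR portal". Line 29 lists "Active Directory, Entra ID." without a conjunction, while line 49 has "Active Directory and Entra ID". Bold markup alternates between "__" and "**" throughout and would be easier to maintain if it used one form.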