
Skills 101 - Identity Defense - From Alerts to Action

Duration: 27:30
There's a big difference between seeing an alert and actually understanding the risk behind it. In this Skills 101 session, Quest experts Matt and Harry walk you through how to investigate what matters and turn identity signals into real action using Quest Identity Defense (formerly Security Guardian).

🔑 What You'll Learn:

- How Identity Defense collects and analyzes on-prem Active Directory data — including static permissions, group structures, and real-time change auditing
- The four detection types: Hygiene, Detect TTP, Anomaly Detection, and Tier 0 asset monitoring
- How to investigate high-severity findings like irregular AD replication and hidden privilege escalation (SDProp / admin count)
- How to pivot from a finding into full audit visualization, track user activity, and trace lateral movement (MC Red → MC Pink investigation)
- How Shields Up proactively blocks unauthorized changes in memory — no rollback needed
- How to build custom protection templates for Group Policy and AD objects with override accounts and granular attribute control

🛡️ Demo Highlights:

- Excluding known service accounts (e.g., MSOL) from noisy audit events using wildcards
- Investigating a compromised account that escalated privileges and modified the Default Domain Controller Policy
- Deploying Shields Up and proving even a Domain Admin is blocked from unauthorized changes
- Creating custom protection templates for GPOs and AD objects with attribute-level control
- Auditing both successes and failures to detect attack patterns using AI and machine learning

Whether you're an AD admin, security engineer, or identity architect, this session gives you the tools to move from reactive to proactive identity defense.