Find and Fix Risky NHIs Before Adversaries Exploit Them
Analysts can use the dashboard to find high-risk non-human identities and close security gaps before adversaries take advantage. This may include, for example, privileged service accounts with inadequate password policies that could make it easy for adversaries to gain valid credentials.
We have expanded the number of security checks for Entra ID and AD to identify excessive permissions and misconfigurations across service principals. These expanded checks spotlight risks like over-permissioned NHIs with unnecessary access to applications such as Microsoft Teams, which adversaries could exploit for lateral movement or data exfiltration.
With visibility into these risks, analysts can use the NHI dashboard to ensure non-human identities are only accessing what they are permitted to access. Further, this visibility enables analysts to create prescriptive identity protection policy rules to stop unwanted and/or malicious activity — for example, blocking access from rarely used source endpoints the moment malicious activity is detected.
Key Takeaway: Falcon Identity Protection gives analysts immediate visibility into non-human identity risk and actionable insights to prevent identity-based attacks.
Stop Insider Threats During Employee Departures
Security teams often lack proactive visibility when employees depart, creating a dangerous gap that can lead to data theft or sabotage. CrowdStrike fuses HR signals with real-time identity and data behavior analytics to detect and stop insider risk by helping customers:
- Add departing employees to a watchlist and continuously monitor their activity
- Automatically flag high-risk activity like privilege escalation or unusual data transfers
- Dynamically enforce policy actions, extend risk-based conditional access, and leverage MFA to stop malicious activity in real time
Falcon Identity Protection integrates with Workday to leverage HR-driven lifecycle events, such as employee resignations, to proactively tag users as leavers before risk escalates. These watchlisted users are then continuously monitored for unusual data access or account activity, enabling early detection of potential insider threats. When suspicious behavior is detected, adaptive enforcement policies automatically respond with actions like requiring multifactor authentication (MFA), revoking sessions, or blocking access entirely — mitigating risk in real time.
Key Takeaway: Falcon Identity Protection proactively stops insider threats during offboarding by combining HR signals and real-time behavioral analytics.
Lock Down Privileged Access in Hybrid Microsoft Environments
Standing privileges are a standing risk for organizations. CrowdStrike Falcon Privileged Access, recently announced, provides just-in-time access so users can only access what they need, when they need it, as security conditions allow. This capability is now expanded to enforce just-in-time privileged access across Microsoft Entra ID and Active Directory.
With this, organizations now have additional protection for their hybrid Microsoft environments. They gain continuous risk-based monitoring, real-time access revocation, and simpler privileged access enforcement with faster time-to-value.
When just-in-time policy conditions are met, such as a user having a low identity protection risk score, privileged access can be automatically granted or available upon request. Risk scores are continuously authenticated so elevated access can be revoked in real time if risk levels change. This helps ensure elevated privileges are only assigned under secure, policy-driven conditions. With this enforcement model, privileged access is always temporary, always contextual, and always secure.
Watch this video to see how Falcon Privileged Access stops adversaries with just-in-time privileges.
Key Takeaway: Falcon Privileged Access delivers real-time, risk-based enforcement for just-in-time access across hybrid Microsoft environments.
CrowdStrike Leads in Unified Identity Protection
With these innovations, CrowdStrike strengthens its position as a leader in unified identity protection. Falcon Identity Protection now delivers:
- Real-time prevention for insider threats and employee turnover
- Comprehensive NHI protection across hybrid identity environments
- Just-in-time privileged access with continuous risk monitoring for hybrid Microsoft environments
CrowdStrike’s momentum in identity protection continues to earn recognition from leading analysts and, more importantly, our customers. We were recently named a Leader and Outperformer in the 2025 GigaOm Identity Threat Detection and Response Radar Report, which praised our “continued rapid development” and “strong roadmap.”
As adversaries get smarter, CrowdStrike gets faster. By unifying identity, data, and threat protection, we give security teams the power to stop attacks before they start — and the visibility to investigate what others miss. Learn how to build a comprehensive identity protection strategy that stops breaches.
