www.microsoft.com 3/27/2026, 9:25:10 PM

How Microsoft Defender protects high-value assets in real-world attack scenarios

Microsoft Defender now protects high-value assets (HVAs) with asset-aware protection, powered by Microsoft Security Exposure Management, that detects and blocks threats targeting critical systems such as domain controllers, web servers, and identity infrastructure. The approach emphasises asset context, enabling risk-based detections that treat Tier-0 assets differently from general servers, because even a small risk can have a large blast radius when it affects an HVA.

The article notes that in more than 78% of recent human-operated attacks, threat actors compromise a high-value asset to gain elevated access, underscoring the need for asset-aware protections such as automatic attack disruption and HVA-aware anomaly detection. Real-world scenarios include domain controller protection, where attempts to dump the NTDS.DIT file are blocked, and an Exchange server case, where a dropped webshell is remediated immediately because of the asset's internet-facing role.

Defender's protection also extends to remote credential dumping, with stronger safeguards applied when device role and critical asset context indicate heightened risk.

27 March 2026.

Article by CyberSIXT