Microsoft today confirmed that it has acquired Aorato, an Israel-based maker of security solutions co-founded by veterans of the Israeli defense forces, which only exited from stealth earlier this year. Aorato’s focus is on enterprise services in the cloud and in hybrid on-premise and cloud environments, using machine learning to detect suspicious patterns.

The terms of the deal were not disclosed today, but when the acquisition was first rumored months ago, we and others heard from sources close to the deal that it was in the region of $200 million.

Corporate Vice President, Cloud and Enterprise Marketing, Microsoft, notes in a blog post on the deal that the company will beef up its identity solutions as a result of the acquisition:

“With Aorato we will accelerate our ability to give customers powerful identity and access solutions that span on-premises and the cloud, which is central to our overall hybrid cloud strategy.”

The deal taps into a couple of different trends, within Microsoft and the larger enterprise world.

Microsoft has been on a long-term track to beef up the services that it offers to enterprise users, as part of a bigger push into that vertical. The focus on identity management also raises the question of whether Microsoft will compete more directly against the likes of Okta and others in this space.

More generally, an acquisition in the area of enterprise security is a move to make sure Microsoft stays relevant to what businesses are needing today. Security has become a key area for research and investment — particularly with the rise of cloud-services, BYOD devices and use of apps that are in general harder for IT managers to control; not to mention the rise in data breaches that tap into all of these things.

Aorato specifically exited from stealth in January 2014 with a product squarely focused on Microsoft users: it had developed a behavior-monitoring firewall for Microsoft Active Directory services.

Active Directory services are used by some 95% of organizations today, and so while this may sound like a platform-dependent solution with a focus on Microsoft, it’s more wide-ranging than that.

Aorato’s solution, in essence, monitors for suspicious usage of employee credentials, including multiple guessing attempts.

Notable Active Directory breaches have included Night Dragon and recent breaches at security companies Bit9 and RSA, where the attackers stole the credentials of legitimate employees. The Conficker worm stole user credentials by attempting to guess the employees’ passwords as they were stored in Active Directory.

When I spoke to Aorato when they were coming out of stealth mode, its co-founder and CEO, Idan Plotnik told me that while Active Directory-based services was a logical starting point, the idea would be for Aorato to cover all systems over time. Even so, a breach such as the one at the NSA could have been detected by Aorato’s early products, he claimed (which may or may not have been a good thing, depending on your point of view).

“Snowden reportedly used colleagues’ passwords to access sensitive docs,” he told me. “Even if the user activity seems legitimate,the same account would actually present suspicious or abnormal behavior behind the scenes which Aorato would detect.”

Before the acquisition, Aorato had raised $11 million. Aorato’s investors included Accel, Trusteer’s co-founders Mickey Boodaei and Rakesh Loonkar, Eric Schmidt’s Innovation Endeavors and Glilot Capital Partners.