It has the capabilities to monitor your users, their behavior, and also the activities with the help of learning based analytics. It will then protect your user identities as well as their credentials that are stored in your on-premises active directory. If there are any issues, if there are any suspicious user activities it will help you identify and investigate them.
Cloud based solution | Also capable of looking at the AD signals as well.
Capture and inspect -> DC network traffic | Windows events on DCs | Radius Accounting information | Data about users and computers from AD & DC”