Microsoft today announced it has acquired Aorato, an enterprise security startup founded in 2011 by veterans of the Israel Defense Forces technology units. Financial details were not disclosed, though previous rumors had pegged the deal at around $200 million.

On its website, Aorato says it will stop selling its Directory Services Application Firewall (DAF) product, which protects organizations from advanced targeted attacks. Instead, the technology will likely be integrated into Microsoft’s own offerings, which should not be a surprise given that the behavior-monitoring firewall is specifically designed for Windows Server Active Directory. “As part of Microsoft, we will share more on the future direction and packaging of these capabilities at a later time,” the Aorato announcement states.

Aorato’s software offers an Organizational Security Graph, a continuously updated view of all of the people and machines accessing an organization’s Windows Server Active Directory, which most enterprises use for storing user identities and administering access to critical business applications and systems. Microsoft says most of its enterprise customers should thus be able to take advantage of Aorato’s technology.

Microsoft Azure, the company’s cloud computing platform, is the most likely candidate for integration. While Azure is not discussed in the startup’s announcement, the product name is included in the message footer:

ms_aorato

Microsoft also hints at an Azure tie-in. The company says that Aorato’s technology “will complement similar capabilities that we have developed for Azure Active Directory, our cloud-based identity and access management solution.”

Aorato has always described its mission as strengthening enterprise security by giving customers “deeper visibility” into their own infrastructure. The security layer focuses on user behavior intelligence and analytics, in addition to basic protective measures. Microsoft agrees with the logic, noting that “companies need new, intelligent solutions to help them adapt and defend themselves inside the network, not just at its edge.”

Aorato uses machine learning to detect suspicious activity on a company’s network. It distinguishes normal behavior from anomalies so that security personnel can take action.

“We are making this acquisition to give customers a new level of protection against threats through better visibility into their identity infrastructure,” Microsoft said in a statement. “With Aorato we will accelerate our ability to give customers powerful identity and access solutions that span on-premises and the cloud, which is central to our overall hybrid cloud strategy.”

Until now, Aorato had raised $11 million, including a $10 million round led by Accel Partners and Innovation Endeavors. Its other investors included Mickey Boodaei, Rakesh Loonkar, and Glilot Capital Partners.

Reports of Microsoft talks with the startup date back to July, when The Wall Street Journal cited “a person familiar with the matter” who said the deal was worth $200 million and could close by September. Clearly the discussions took a little longer.