
This article is Step 2 of 2 in the process of setting up the evaluation environment for Microsoft Defender for Identity. For more information about this process, see the overview article.

Use the following steps to set up your Microsoft Defender for Identity environment.

Steps to enable Microsoft Defender for Identity in the Microsoft Defender evaluation environment.

Step 1. Set up the Defender for Identity Instance

Sign in to the Defender for Identity portal to create your instance and then connect this instance to your Active Directory environment.

| Step | Description | More information |
|------|-------------|------------------|
| 1 | Create the Defender for Identity instance | Quickstart: Create your Microsoft Defender for Identity instance |
| 2 | Connect the Defender for Identity instance to your Active Directory forest | Quickstart: Connect to your Active Directory Forest |

Step 2. Install and configure the sensor

Next, download, install, and configure the Defender for Identity sensor on the domain controllers and AD FS servers in your on-premises environment.

| Step | Description | More information |
|------|-------------|------------------|
| 1 | Determine how many Microsoft Defender for Identity sensors you need | Plan capacity for Microsoft Defender for Identity |
| 2 | Download the sensor setup package | Quickstart: Download the Microsoft Defender for Identity sensor setup package |
| 3 | Install the Defender for Identity sensor | Quickstart: Install the Microsoft Defender for Identity sensor |
| 4 | Configure the sensor | Configure Microsoft Defender for Identity sensor settings |

Step 3. Configure event log and proxy settings on machines with the sensor

On the machines that you installed the sensor on, configure Windows event log collection and Internet proxy settings to enable and enhance detection capabilities.

| Step | Description | More information |
|------|-------------|------------------|
| 1 | Configure Windows event log collection | Configure Windows Event collection |
| 2 | Configure Internet proxy settings | Configure endpoint proxy and Internet connectivity settings for your Microsoft Defender for Identity Sensor |

Step 4. Allow Defender for Identity to identify local admins on other computers

Microsoft Defender for Identity lateral movement path detection relies on queries that identify local admins on specific machines. These queries are performed with the SAM-R protocol, using the Defender for Identity Service account.

To ensure Windows clients and servers allow your Defender for Identity account to perform SAM-R queries, modify Group Policy to add the Defender for Identity service account alongside the accounts already listed in the Network access policy. Apply the group policies to all computers except domain controllers.

For instructions on how to do this, see Configure Microsoft Defender for Identity to make remote calls to SAM.
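
One way to confirm the policy reached a member computer, as an added example that is not part of the original article or Microsoft's own tooling. It assumes the policy in question is "Network access: Restrict clients allowed to make remote calls to SAM", which Windows stores as an SDDL string in the RestrictRemoteSAM registry value; the SID and sample SDDL below are constructed, and only direct SID entries are matched (grants made through group membership are not resolved).

```powershell
# Added example: does the remote-SAM policy SDDL grant access to a given SID?
function Test-SamRemoteAccess {
    param(
        [Parameter(Mandatory)][string]$Sddl,   # policy value in SDDL form
        [Parameter(Mandatory)][string]$Sid     # SID of the account to check
    )
    $READ_CONTROL = 0x00020000                 # "RC", the right this policy grants
    $sd     = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    $target = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $allowed = $false
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if (-not $ace.SecurityIdentifier.Equals($target))          { continue }
        if (-not ($ace.AccessMask -band $READ_CONTROL))            { continue }
        # An explicit deny for the same SID overrides any allow entry.
        if ($ace.AceQualifier -eq 'AccessDenied')  { return $false }
        if ($ace.AceQualifier -eq 'AccessAllowed') { $allowed = $true }
    }
    return $allowed
}

# Constructed sample values (not from any real environment).
$svcSid   = 'S-1-5-21-1111111111-2222222222-3333333333-1105'  # hypothetical service account SID
$adminsOnly = 'O:BAG:BAD:(A;;RC;;;BA)'                        # only local Administrators
$withSvc    = "O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;$svcSid)"       # service account added

"Admins-only policy allows account : $(Test-SamRemoteAccess -Sddl $adminsOnly -Sid $svcSid)"
"Updated policy allows account     : $(Test-SamRemoteAccess -Sddl $withSvc -Sid $svcSid)"

# Check the value actually applied on this computer (skipped if not configured).
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$live = (Get-ItemProperty -Path $lsa -Name RestrictRemoteSAM -ErrorAction SilentlyContinue).RestrictRemoteSAM
if ($live) {
    "Local policy allows account       : $(Test-SamRemoteAccess -Sddl $live -Sid $svcSid)"
} else {
    'RestrictRemoteSAM is not configured on this computer.'
}
```

Replace the constructed SID with the SID of your Defender for Identity service account before running the local check.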

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
