As soon as the first Microsoft Defender for Identity sensor is installed and configured on any domain controller in your network, Defender for Identity begins monitoring your environment for domain controllers.
Once a Defender for Identity sensor is installed and configured on a domain controller in your network, the sensor communicates with the Defender for Identity service on a constant basis sending sensor status, health and version information, and collected Active Directory events and changes.
Domain controller status
Defender for Identity continuously monitors your environment for unmonitored domain controllers introduced into your environment, and reports on them to assist you in managing full coverage of your environment.
- To check the status of your detected monitored and unmonitored domain controllers and their status, go to the Configuration area of the Defender for Identity portal and, under the System section, select Sensors.
- Your currently monitored and unmonitored domain controllers are displayed at the top of the screen. To download the monitoring status details of your domain controllers, select Download Details.
The domain controller coverage Excel download provides the following information for all detected domain controllers in your organization:
|Domain name||Domain name|
|Monitored||Defender for Identity monitoring status|
|Sensor type||Defender for Identity sensor or Defender for Identity standalone sensor|
|Organizational unit||Location inside of Active Directory|
|Operating system version||Version of operating system detected|
|IP address||Detected IP address|
Search domain controllers
Managing your fleet of sensors and domain controllers can be challenging. To make it easier to find and identify, domain controllers can be searched using the search feature in Defender for Identity Sensors list.
- To search your domain controllers, go to the Configuration area of the Defender for Identity portal and, under the System section, select Sensors.
- Select the filter option on the domain controller column in the domain controller table list.
- Enter the name you wish to search. Wildcards are not currently supported in the search field.
Defender for Identity portal configuration pages can be modified by Defender for Identity admins only.