Microsoft Defender for Identity detection relies on specific Windows Event log entries to enhance some detections and provide additional information on who performed specific actions such as NTLM logons, security group modifications, and similar events. For the correct events to be audited and included in the Windows Event Log, your domain controllers require accurate Advanced […]
In this article, you’ll learn how to correctly configure Microsoft Defender for Identity sensor settings to start seeing data. You’ll need to do additional configuration and integration to take advantage of Defender for Identity’s full capabilities. Prerequisites An Defender for Identity instance that’s connected to Active Directory. A downloaded copy of your Defender for Identity sensor setup package and the […]
This article provides guidance and instructions for Microsoft Defender for Identity switches and silent installation. Prerequisites Defender for Identity requires the installation of Microsoft .NET Framework 4.7 or later. When you install Defender for Identity, .Net Framework 4.7 is automatically installed as part of the deployment of Defender for Identity if .Net Framework 4.7 or […]
Note The experience described in this page can also be accessed at https://security.microsoft.com as part of Microsoft 365 Defender. The supporting documents for the new experience can be found here. For more information about Microsoft Defender for Identity and when other features will be available in Microsoft 365 Defender, see Microsoft Defender for Identity in Microsoft 365 Defender. Microsoft […]
Microsoft Defender for Identity can collect accounting information from VPN solutions. When configured, the user’s profile page includes information from the VPN connections, such as the IP addresses and locations where connections originated. This complements the investigation process by providing additional information on user activity as well as a new detection for abnormal VPN connections. […]
Microsoft Defender for Identity enables you to integrate Microsoft Defender for Identity with Defender for Endpoint, for an even more complete threat protection solution. While Defender for Identity monitors the traffic on your domain controllers, Defender for Endpoint monitors your endpoints, together providing a single interface from which you can protect your environment. By integrating […]
Keeping your Microsoft Defender for Identity sensors up-to-date, provides the best possible protection for your organization. The Microsoft Defender for Identity service is typically updated a few times a month with new detections, features, and performance improvements. Typically these updates include a corresponding minor update to the sensors. Defender for Identity sensors and corresponding updates […]
Note The experience described in this page can also be accessed at https://security.microsoft.com as part of Microsoft 365 Defender. The supporting documents for the new experience can be found here. For more information about Microsoft Defender for Identity and when other features will be available in Microsoft 365 Defender, see Microsoft Defender for Identity in Microsoft 365 Defender. The […]
Microsoft Defender for Identity health center The Microsoft Defender for Identity health center lets you know how your Defender for Identity instance is performing and alerts you when there are problems. Working with the Defender for Identity health center The Defender for Identity health center lets you know that there’s a problem by raising an […]
Note The experience described in this page can also be accessed at https://security.microsoft.com as part of Microsoft 365 Defender. The supporting documents for the new experience can be found here. For more information about Microsoft Defender for Identity and when other features will be available in Microsoft 365 Defender, see Microsoft Defender for Identity in Microsoft 365 Defender. Microsoft […]