Where to install Defender for Identity Sensor for VPN Integration

Question

We have followed the steps in this document https://learn.microsoft.com/en-us/defender-for-identity/vpn-integration to setup VPN Integration for Defender for Identity. However we don't see the sensor receiving any data.

As per the document we have added a server with the Defender for Identity sensor installed on it to the RADIUS Accounting server list on the VPN server. This server was given the same priority as the NPS server that was already in that list.

However when we used Wireshark on the server with the sensor we see no RADIUS Accounting traffic being .

I'm wondering if all servers in the RADIUS Accounting list receive the accounting data? If not then I assume the sensor must be installed on the NPS server for Defender for Identity VPN Integration to work?

Answer 1

Hi David, thanks for posting your question!

Based on my research, it seems that the RADIUS client sends accounting messages only to the first server in the list. Could you maybe be try changing the accounting providers list on the RRAS to prioritize MDI’s sensor first and NPS second, if it’s not already set up that way?

Hope this helps!

Answer 2

Hi David, thanks for posting your question!

Based on my research, it seems that the RADIUS client sends accounting messages only to the first server in the list. Could you maybe be try changing the accounting providers list on the RRAS to prioritize MDI’s sensor first and NPS second, if it’s not already set up that way?

Hope this helps!