MS Defender for Identity not needing sensor set up

Darragh Martin 86 Reputation points
2022-10-20T10:28:45.447+00:00

Can MS Defender for Identity be useful to my organisation without the use of setting up a sensor for the domain control network, as we don't need it since we have everything in the clouds through Azure portal and is secure, but wondering if everything else could be useful, and are there articles/videos that could go through a setup if so?


1 answer

  1. Givary-MSFT 32,586 Reputation points Microsoft Employee
    2022-10-20T17:13:13.69+00:00

    @Darragh Martin Thank you for reaching out to us.

    Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory (whether it is on-premises or on Azure) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

    It analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user. Defender for Identity then identifies anomalies with adaptive built-in intelligence, giving you insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization.

    Basically, it monitors your domain controllers by capturing and parsing network traffic and leveraging Windows events directly from your domain controllers, then analyzes the data for attacks and threats. Utilizing profiling, deterministic detection, machine learning, and behavioral algorithms, Defender for Identity learns about your network, enables detection of anomalies, and warns you of suspicious activities.

    Refer to this article, https://learn.microsoft.com/en-us/defender-for-identity/what-is, which explains the capabilities Defender for Identity provides to the organization. Even though you have your domain controllers on Azure, it's necessary to have this security solution, which helps reduce attack surface, detect in real time, investigate threats and respond to threats.

    https://learn.microsoft.com/en-us/defender-for-identity/alerts-overview - explains the suspicious activities detected by Defender for Identity sensors on your network, and the actors and computers involved in each threat.

    Microsoft Defender for Identity architecture - https://learn.microsoft.com/en-us/defender-for-identity/architecture

    Reference: https://www.youtube.com/watch?v=hhS8VdGnfOU - Understanding and Getting Started with ZERO TRUST

    Let me know if you have any further questions; please feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
