Edit

Share via


Microsoft Defender for Identity deployment overview

Defender for Identity uses sensors to collect signals from your on-premises identity infrastructure to detect threats. This article explains the Microsoft Defender for Identity deployment process.

Defender for Identity detects threats like privilege escalation or high-risk lateral movement and reports on easily exploited identity issues like unconstrained Kerberos delegation for correction by the security team.

We recommend installing Defender for Identity sensors on all domain controllers, including read-only domain controllers (RODCs). If you have an AD FS, AD CS, or a Microsoft Entra Connect farm or cluster in your environment, install the sensor on each server.

Select your deployment method

Once you've completed the steps to prepare your environment, and assigned roles and permissions for Defender for Identity, create a plan for onboarding.

Identify your architecture and your requirements, and then use the table below to select the appropriate deployment for the servers in your environment.

Server configuration Server Operating System Recommended deployment
Domain controller Windows Server 2019 or later with the March 2024 Cumulative Update or later.
* See Note.
Defender for Identity sensor v3.x (Preview)
* See Note.
Domain controller Windows Server 2016 or earlier Defender for Identity sensor v2.x
Active Directory Federation Services (AD FS) NA Defender for Identity sensor v2.x
Active Directory Certificate Services (AD CS) NA Defender for Identity sensor v2.x
Entra Connect NA Defender for Identity sensor v2.x

Note

The Defender for Identity sensor version 3.x is still in preview and has some limited functionality compared to version 2.x. Keep these limitations in mind before activating the sensor. The Defender for Identity sensor v3.x:

  • Requires that Defender for Endpoint is deployed on your endpoints
  • Doesn't currently support VPN integration
  • Doesn't currently support ExpressRoute
  • Doesn't currently offer full functionality of health alerts, posture recommendations or security alerts

Once you've evaluated your infrastructure and requirements, follow the instructions for deploying the sensor based on the version you need.

Next steps