Security assessment: Start your Defender for Identity deployment

This article describes the Start your Defender for Identity deployment security assessment, which encourages you to install sensors on domain controllers and other eligible servers.

Why is not having Defender for Identity deployed considered a risk?

If you've obtained a Defender for Identity license, but haven't yet deployed Defender for Identity sensors, not only are you not yet using your purchased services, but you may be missing advanced threats in your identity infrastructure.

Defender for Identity uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Defender for Identity is also part of monitoring for Zero Trust. You may also want to use advanced hunting queries in Microsoft 365 Defender to look for threats across identities, devices, and cloud apps.

For more information, see:

How do I use this security assessment?

  1. Review the recommended action at to be alerted if you have a Defender for Identity license, but don't have Defender for Identity deployed.

  2. Take appropriate action by deploying Defender for Identity. For more information, see Deploy Microsoft Defender for Identity with Microsoft 365 Defender.


This assessment is updated in near real time.

See Also