Microsoft Defender for Identity is a cloud-based security solution managed through the Microsoft 365 defender dashboard, the security.microsoft.com portal with your Microsoft 365 account. It allows you to monitor for identity authentication and investigate advanced threats between your on-premise domain and the Azure ad environment. This article teaches you how to deploy and manage Microsoft Defender for identity.
![Deploy and manage Microsoft Defender for Identity]()
Prerequisites for Microsoft Defender for Identity
- License for Enterprise Mobility + Security E5/A5, the following link will guide you to get the E5 licensing free for 90 days.
- Need a Directory Service account with read access to all objects in the monitored domains.
- Need an Azure AD tenant with at least one global administrator or security administrator.
Deploying Microsoft Defender for Identity
1. To implement the defender for identity, sign in to the Microsoft 365 Defender Portal “https://security.microsoft.com/”
From the navigation menu, go to “Settings”
Then select “Identities”
![Deploy and manage Microsoft Defender for Identity]()
Deploying sensors enables you to monitor your on-premises Active Directory environment for suspicious activities and risky configurations.
Add a New Sensor
Select “Sensors” and then Click “Add sensor”
![Deploy and manage Microsoft Defender for Identity]()
When you get the Access Key, copy that and keep it in the notepad
And then Select “Download Installer”
![Deploy and manage Microsoft Defender for Identity]()
Once downloaded Azure ATP sensor setup file, copy those files and past into the new folder as “DFI”
Install Microsoft Defender for Identity Sensor
Double-click to open that Azure ATP Sensor setup
Then choose your language, and then click “Next”
![Deploy and manage Microsoft Defender for Identity]()
Select the Sensor deployment type,
in my case, going to install with “Sensor”, the sensor is installed directly on the domain controller and monitors the local network.
Select “Next”
![Deploy and manage Microsoft Defender for Identity]()
Enter the Access key, copied while downloading the Azure ATP sensor setup.
Then select “Install”
![Deploy and manage Microsoft Defender for Identity]()
After completing the Installation, click “Finish” to close the wizard.
![Deploy and manage Microsoft Defender for Identity]()
Once installation is completed, go back to the portal of Microsoft 365 Defender and then navigate to Defender for Identity.
Just refresh the Web browser, and it should reflect that the server is now in the portal.
![Deploy and manage Microsoft Defender for Identity]()
Managing Microsoft Defender for Identity
Go to the Microsoft Defender for Identity sensor and select your listed identity sensor device.
Then select “Manage Sensor”
![Deploy and manage Microsoft Defender for Identity]()
Enter your Domain Controller (FQDN)
Then Click “Save”
![Deploy and manage Microsoft Defender for Identity]()
Suppose we would like the sensor to be able to communicate with Active Directory and report any types of threats that might happen against Active Directory. We need to add a directory service account.
Select “Directory service account” from Microsoft defender for identity
And then “add credential” of the directory service account
![Deploy and manage Microsoft Defender for Identity]()