(56) Deploy and manage Microsoft Defender for Identity

Microsoft Defender for Identity is a cloud-based security solution managed through the Microsoft 365 defender dashboard, the security.microsoft.com portal with your Microsoft 365 account. It allows you to monitor for identity authentication and investigate advanced threats between your on-premise domain and the Azure ad environment.

Prerequisites:

1. License for Enterprise Mobility + Security E5/A5

2. Need a Directory Service account with read access to all objects in the monitored domains.

3. Need an Azure AD tenant with at least one global administrator or security administrator.

Setup:

1. Navigate to https://security.microsoft.com/ then select Settings then select Identities.

2. Select Sensor, then select Add Sensor

3. Select Download Installer. Make a copy of the Access key.

4. Once downloaded, run the installer on the server. Run through the wizard.

5. Copy the Access key and select Install.

Select Finish, once done.

6. Navigate back to the https://security.microsoft.com/ then select Settings then select Identities. Select the server and select Manage sensor. Save any changes.

7. Select Directory services accounts and add the Administrator, Domain and password. Save changes.

8. Address any changes as per listed in the recommendations.