Microsoft released a new Microsoft Defender for Identity (MDI) sensor type for Active Directory Certificate Services (ADCS). This article demonstrates the steps to deploy the sensor on your ADCS Servers.
Category: ATA/ATP
Download the Microsoft Defender for Identity sensor
The Microsoft Defender for Identity (MDI) sensor can be downloaded from the Microsoft 365 Defender portal. The MDI sensor installation package is the same for Domain Controllers, ADFS and ADCS. If you have previously downloaded the package, you can use this for the installation, although I would recommend downloading the latest version for any new deployments.
How to deploy Microsoft Defender for Identity
Are you planning on deploying Microsoft Defender for Identity (MDI), but you are not sure how to? No worries, this blog will walk you through the deployment steps. What is Microsoft Defender for Identity MDI Leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed … Continue reading How to deploy Microsoft Defender for Identity
Microsoft Defender for Identity | Enable NTLM Auditing
If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven't gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled. You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.
Microsoft Defender Weekly Wrap – Issue #56
========================= [Want to discuss this further? Hit me up on Twitter or LinkedIn] [Subscribe to the RSS feed for this blog] [Subscribe to the Weekly Microsoft Sentinel Newsletter] [Subscribe to the Weekly Microsoft Defender Newsletter] [Learn KQL with the Must Learn KQL series and book]
Microsoft Defender Weekly Wrap – Issue #55
========================= [Want to discuss this further? Hit me up on Twitter or LinkedIn] [Subscribe to the RSS feed for this blog] [Subscribe to the Weekly Microsoft Sentinel Newsletter] [Subscribe to the Weekly Microsoft Defender Newsletter] [Learn KQL with the Must Learn KQL series and book]
Microsoft Defender Weekly Wrap – Issue #54
========================= [Want to discuss this further? Hit me up on Twitter or LinkedIn] [Subscribe to the RSS feed for this blog] [Subscribe to the Weekly Microsoft Sentinel Newsletter] [Subscribe to the Weekly Microsoft Defender Newsletter] [Learn KQL with the Must Learn KQL series and book]
Field Notes: Service running with gMSA account not starting
I recently deployed a new Active Directory Forest in my lab on Windows Server 2022. I wanted to configure the Microsoft On Demand Assessments for Active Directory and also needed to deploy Microsoft Defender for Identity (MDI). I wanted to use a Group Managed Service account to run these instead of a normal service account. … Continue reading Field Notes: Service running with gMSA account not starting
Integrate Microsoft Defender for Identity with Syslog (SIEM)
Microsoft Defender for Identity (MDI) can be easily integrated with your Syslog server. You can be notified of new suspicious activities by sending security and health alerts to your Syslog server.
Field Notes: Dealing with Phishing
Hackers turn to online scams to steal your personal information, because of this phishing prevention has become critical for every organization. Phishing emails may appear to be legitimate. In today’s world, you will likely be subjected to a phishing attack, meaning you'll need to be aware of the warning signs and know how to handle … Continue reading Field Notes: Dealing with Phishing
You must be logged in to post a comment.