MC267123: Microsoft Defender for Identity setup guide to configure security for internal organization identities and devices

We’re releasing a new guide for admins who want to configure user identity security within their environment. Microsoft Defender for Identity provides a central location where admins can identify, detect, and investigate on-premises identity threats. In this step-by-step guide, you’ll verify that you’ve satisfied all environment prerequisites, create an instance, connect to Active Directory, and install your sensor. When you’re done, users’ identities will be monitored, and immediate action can be taken against any malicious activity that compromises your organization. This message is associated with Microsoft 365 Roadmap ID 82058.

Microsoft Defender for Identity provides a central location where admins can identify, detect, and investigate on-premises identity-based threats. In this step-by-step guide you’ll verify that you’ve satisfied all environment prerequisites, create a Defender for Identity instance, connect to Active Directory, and install your sensor. When you’re done, your users’ identities will be monitored, and immediate action can be taken against any malicious activity that attempts to compromise your organization’s on-premises identities.

Affected Workloads

  • Microsoft Defender for Identity

When this will happen

The Microsoft Defender for Identity setup guide is now available on the Setup guidance page.

How this will affect your organization

The Microsoft Defender for Identity portal lets you monitor and respond to any suspicious activity detected and provides a quick view of all suspicious activities in chronological order. You can drill into details of any activity and perform actions based on those activities. The Defender for Identity portal also displays alerts and notifications to highlight problems seen by Defender for Identity or new activities that are deemed suspicious.

Microsoft Defender for Identity monitors your on-premises identities through sensors installed on your domain controllers. The sensors capture and parse network traffic and use Windows events directly from your domain controllers, and Defender for Identity then analyzes the data for attacks and threats. Utilizing profiling, deterministic detection, machine learning, and behavioral algorithms, Defender for Identity learns about your network, detects anomalies, and warns you of suspicious activities.

By setting up Defender for Identity in your environment, admins can use the portal to do the following:

  • Create a Defender for Identity instance.
  • Integrate with other Microsoft security services.
  • Manage Defender for Identity sensor configuration settings.
  • View data received from Defender for Identity sensors.
  • Monitor detected suspicious activities and suspected attacks based on the attack kill chain model.
  • Send automatic emails and events when security alerts or health issues are detected.

What you need to do to prepare

To ensure that admins can use this guide and benefit from all its features, make sure they’re assigned the Global Admin or Security Admin role for your organization. Review the list of what you’ll need, including gathering the accounts and network entities, before you start the install.

Message ID: MC267123
Published: 07 July 2021
Updated: 07 July 2021