Task 1.3: Add a new sensor
-
In the DC01 RDP session, open Microsoft Edge, then go to https://security.microsoft.com, then sign in using your Microsoft 365 account.
-
Close any dialog boxes that appear.
-
In the Microsoft Defender menu, select Settings.
-
On the Settings page, select Identities.
It can take up to 10 minutes to prepare new spaces the first time you attempt to load the identities page.
-
On the Microsoft Defender for Identity page, select Add sensor.
-
On the Add a new sensor pane, select Download installer to save the file to the Downloads directory.
If the download does not start, in the Microsoft Edge settings, disable the pop-up blocker, then select Download installer again.
-
On the Add a new sensor pane, copy the access key value, You will paste this into the installer window when installing the sensor.
The access key is a one-time password for use when deploying the sensor, after which communication is performed using certificates for authentication and TLS encryption.
-
In File Explorer, under Quick access, select Downloads.
-
In the Downloads directory, right-click Azure ATP Sensor Setup.zip, select Extract All, and then select Extract.
-
In the Azure ATP Sensor Setup directory, double-click Azure ATP Sensor Setup.exe.
-
In the Install Microsoft Defender for Identity Sensor box, on the Choose your language menu, select English, then select Next.
-
On the Sensor deployment type page, accept the default value, then select Next.
-
On the Configure the Sensor page, in the Access key box, paste the access key that you copied above, then select Install.
-
After the Installation completed successfully message appears, select Finish.
-
Switch back to the Microsoft Defender for Identity tab in Microsoft Edge, then refresh the tab to view the newly-deployed DC01 sensor.
The DC01 sensor, a domain controller sensor, is installed in the MSMDI.local domain.
-
Select the DC01 sensor to view the sensor details, then close the pane.