Skip to main content Link Menu Expand (external link) Document Search Copy Copied
Defender for Identity

Task 1.6: Configure Group Policy

  1. In the Windows search field, enter Group Policy Management, and then open the Group Policy Management App

  2. On the Group Policy Management menu, select Forest: MSMDI.local > Domains > MSMDI.local > Default Domain Policy.

  3. Right-click on the Default Domain Policy and then select Edit.

  4. In the left navigation, select Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

  5. Double-click Log on as a service and select the Define these policy settings checkbox.

  6. Select Add User or Group and in User and group names, enter mdiSvc01$, then select OK.

  7. Return to the Microsoft Defender portal tab in Microsoft Edge, navigate to Settings > Identities, and select Directory service accounts

  8. Select Add credentials and for Account name, enter mdiSvc01.

  9. Select the Group managed service account checkbox.

  10. In the Domain texbox, enter MSMDI.local and then select Save.

You have successfully completed the Microsoft Defender for Identity lab (Day 1).

It can take up to 24 hours for the MDI functionality to become active. You will not be able to proceed immediately to Day 2.