Design and Plan MDI Deployment

Implementation Effort: High – Requires comprehensive planning, including infrastructure assessment, capacity planning, and coordination across security and IT teams.

User Impact: Low – Deployment activities are primarily backend and do not directly affect end-user operations.

Overview

Microsoft Defender for Identity monitors Active Directory by analyzing network traffic and Windows events to detect attacks and threats. Installed directly on domain controllers, AD FS, AD CS servers, and Entra Connect servers, the Defender for Identity sensor accesses required data direct from the servers. The sensor parses the logs and network traffic before sending only parsed information to the Defender for Identity cloud service.

Reference

Architecture - https://learn.microsoft.com/defender-for-identity/architecture

• Deploy Microsoft Defender for Identity
• Microsoft Defender for Identity prerequisites
• Plan capacity for Microsoft Defender for Identity deployment
• Configure Microsoft Defender for Identity sensor settings