Design and Plan MDI Deployment
Implementation Effort: High – Requires comprehensive planning, including infrastructure assessment, capacity planning, and coordination across security and IT teams.
User Impact: Low – Deployment activities are primarily backend and do not directly affect end-user operations.
Overview
Microsoft Defender for Identity monitors Active Directory by analyzing network traffic and Windows events to detect attacks and threats. Installed directly on domain controllers, AD FS, AD CS servers, and Entra Connect servers, the Defender for Identity sensor accesses required data direct from the servers. The sensor parses the logs and network traffic before sending only parsed information to the Defender for Identity cloud service.
Reference
Architecture - https://learn.microsoft.com/defender-for-identity/architecture