Confirm MDI Internet Access Requirements

Implementation Effort: Medium – Ensuring proper internet connectivity for Defender for Identity sensors involves configuring proxies, firewalls, or ExpressRoute, and may require coordination across IT and network teams.
User Impact: Low – Configuration changes are handled by administrators; end users are not affected or required to take any action.

Overview

Microsoft Defender for Identity monitors Active Directory by analyzing network traffic and Windows events to detect attacks and threats. Installed directly on domain controllers, AD FS, AD CS servers, and Entra Connect servers, the Defender for Identity sensor accesses required data directly from the servers. The sensor parses the logs and network traffic before sending only parsed information to the Defender for Identity cloud service.

Reference

Architecture
Deployment Overview
Prerequisites
Sensor Sizing / Capacity Planning

Overview​

Reference​

Overview

Reference