Forum Discussion

wandering_duck
Copper Contributor
Nov 29, 2023

Defender for Identity for unmanaged DMZ Domain?

Hello, I am seeing information on the support of Defender for Identity for forests, but am wondering if Defender for Identity is supported in a separate/disconnected DMZ domain? My org has our main domain (fully managed config with M365/Entra), but has a separate DMZ domain (not federated or managed) that we'd like to include as part of a Defender for Identity rollout. Is this configuration possible?

1 Reply

  • thalpius
    Brass Contributor
    Yes, you can. The sensor just calls back to the cloud and there's no need for any connection between forests. There is a risk which I identified in one of my blog posts, though:

    https://thalpius.com/2023/01/16/microsoft-defender-for-identity-lateral-movement-from-forest-to-forest-without-a-forest-trust/