Forum Discussion
If you have multiple DCs, install a separate sensor on each one???
Is the following description correct? What are the best practices for installing the MDI Agent on more than 100 domain controllers in a large environment?
When deploying Microsoft Defender for Identity sensors on your domain controllers (DCs), you should install a sensor on each DC, including read-only domain controllers (RODCs). If you have multiple DCs, install a separate sensor on each one. You cannot use the same downloaded sensor and key file for all your DC servers.?!!
Deleted
1 Reply
- EliOfek
Microsoft
fkh090 While you do need to deploy on all DCs, you CAN use the same downloaded package and deployment key for all of them (as long as you have not rotated the deployment key in the portal).
For large environments, many customers automate the deployment using the silent install option.
See:
https://learn.microsoft.com/en-us/defender-for-identity/deploy/install-sensor#silent-installation-via-a-deployment-system
