Forum Discussion
Microsoft Defender for Identity standalone sensors
Hi
Current scenario: we are forwarding domain control security logs to another server(windows machine) via the "https://learn.microsoft.com/en-us/defender-for-identity/configure-event-forwarding#wef-configuration-for-defender-for-identity-standalone-sensors-with-port-mirroring". We have logs in forwarded events ( event viewer).
In future if am installing an identity sensor on a standalone method should I configure port mirroring and Directory services accounts? is that a mandatory configuration for the stand-alone sensor?
1 Reply
- In your scenario yes and you refer to the below documentation
https://learn.microsoft.com/en-us/defender-for-identity/configure-port-mirroring
Side Note : Defender for Identity standalone sensors do not support the collection of Event Tracing for Windows (ETW) log entries that provide the data for multiple detections. For full coverage of your environment, we recommend deploying the Defender for Identity sensor.
