
Forum Discussion

hatommy118
Copper Contributor
Sep 13, 2023

Microsoft Defender for Identity

I have implemented this, but how do I know it's working?  The reports don't have a lot of information.  

Also, I have remedied the Global health issues per the links provided, but how do we know it's really remedied? I close the alerts, but how do I know it's working the way it should?

 

Thanks,

Tommy

  • A few ways you can check in the Microsoft 365 Defender portal:

    Check to see if there are any alerts being generated by Defender for Identity by filtering by "detection source" and "MDI".

    Check the Advanced Hunting section to view the IdentityInfo, IdentityLogonEvents, IdentityQueryEvents and IdentityDirectoryEvents tables; if you are receiving information, that's another sign that it's working.

    Check Settings > Identities > Sensors Tab > check health of your sensors
    Check Settings > Identities > Health Issues > check for health alerts

    If logging isn't present when you query the advanced hunting table, then I would say you have some issues.
    It could also be that, if the config has been applied correctly, you have a very quiet environment (which is a good thing).
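
The Advanced Hunting check described in the reply above, as an added KQL example that is not part of the original thread: it counts events per table, source application and destination device over the last day and marks sources that have gone quiet. The one-day window and one-hour staleness threshold are assumptions; IdentityInfo is left out because it is an identity inventory rather than an event stream.

```kusto
// Added example (not from the thread): is Defender for Identity data arriving?
let lookback = 1d;     // assumed review window
let staleAfter = 1h;   // assumed threshold for "no recent events"
union withsource=SourceTable
    IdentityLogonEvents,
    IdentityQueryEvents,
    IdentityDirectoryEvents
| where Timestamp > ago(lookback)
// IdentityLogonEvents also carries cloud sign-ins reported by Defender for
// Cloud Apps, so Application is kept in the grouping to tell the sources apart.
// DestinationDeviceName is the device the activity was directed at.
| summarize Events = count(), LastEvent = max(Timestamp)
    by SourceTable, Application, DestinationDeviceName
| extend SinceLastEvent = now() - LastEvent
| extend Status = iff(SinceLastEvent > staleAfter, "stale", "receiving")
| order by SourceTable asc, LastEvent desc
```

An empty result over a window in which users were active points to a sensor or configuration problem; a small result can simply mean a quiet environment.
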
    • hatommy118
      Copper Contributor
      After implementing this, our users are complaining that opening network files such as Adobe and Excel is very slow. Have you experienced this? Please advise.
      • BillClarksonAntill
        Iron Contributor

        hatommy118 

         

        Never experienced slow connectivity. Do you by chance have a network engineer who can inspect the traffic ingress/egress?
