Forum Discussion
hatommy118 (Copper Contributor)
Sep 13, 2023
Microsoft Defender for Identity
I have implemented this, but how do I know it's working? The reports don't have a lot of information.
Also, I have remedied the Global health issues per the links provided, but how do we know it's really remedied? I close the alerts, but how do I know it's working the way it should?
Thanks,
Tommy
- BillClarksonAntill (Iron Contributor)
Few ways you can check in the Microsoft 365 Defender portal:
Check to see if there are any alerts being generated by Defender for Identity by filtering by "detection source" and "MDI"
Check the Advanced Hunting section to view IdentityInfo, IdentityLogonEvents, IdentityQueryEvents and IdentityDirectoryEvents; if you are receiving information, that's another sign that it's working
Check Settings > Identities > Sensors tab > check health of your sensors
Check Settings > Identities > Health Issues > check for health alerts
If logging isn't present when you query the advanced hunting tables, then I would say you have some issues
It also could be that, if the config has been applied correctly, you have a very quiet environment (which is a good thing)
- hatommy118 (Copper Contributor)
After implementing this, our users are complaining that opening network files such as Adobe and Excel is very slow. Have you experienced this? Please advise.
- BillClarksonAntill (Iron Contributor)
Never experienced slow connectivity. Do you have by chance a network engineer who can inspect the traffic ingress/egress?
- Antons Bukels (Brass Contributor)
hatommy118, you could use MDI Attack simulations to learn about detections and test some scenarios: Attack simulations - Microsoft Defender for Identity | Microsoft Learn
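
The advanced hunting check from BillClarksonAntill's first reply, written out as a query (an added example, not part of the original thread). It assumes the three event tables named in that reply and that events from the Defender for Identity sensors carry `Application == "Active Directory"`; the 24-hour window is an arbitrary choice.

```kusto
// Added example: per-table freshness check for Defender for Identity data.
// Run in Advanced Hunting in the Microsoft 365 Defender portal.
let lookback = 24h;   // assumption: widen for very quiet environments

// Tables named in the reply above; a table with no rows in the window
// must still appear in the result, so the expected names are listed explicitly.
let expected = datatable(SourceTable:string)
    ["IdentityLogonEvents", "IdentityQueryEvents", "IdentityDirectoryEvents"];

let seen = union
    (IdentityLogonEvents     | extend SourceTable = "IdentityLogonEvents"),
    (IdentityQueryEvents     | extend SourceTable = "IdentityQueryEvents"),
    (IdentityDirectoryEvents | extend SourceTable = "IdentityDirectoryEvents")
    | where Timestamp > ago(lookback)
    // Assumption: on-premises AD events collected by the sensors use this
    // Application value. IdentityLogonEvents can also hold cloud sign-ins
    // from other sources, which would otherwise mask a silent sensor.
    | where Application == "Active Directory"
    | summarize Events = count(), LastEvent = max(Timestamp) by SourceTable;

// Left outer join keeps tables that returned nothing, reported as 0 events.
expected
| join kind=leftouter seen on SourceTable
| project SourceTable,
          Events = coalesce(Events, 0),
          LastEvent
| order by SourceTable asc
```

A row with `Events = 0` and an empty `LastEvent` is the "logging isn't present" case from the reply; compare it against the sensor and health pages before concluding the environment is simply quiet.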