Forum Discussion
hatommy118
Sep 13, 2023, Copper Contributor
Microsoft Defender for Identity
I have implemented this, but how do I know it's working? The reports don't have a lot of information. Also, I have remedied the Global health issues per the links provided, but how do we know it's ...
BillClarksonAntill
Sep 14, 2023, Iron Contributor
A few ways you can check, in the Microsoft 365 Defender portal:
Check to see if there are any alerts being generated by Defender for Identity by filtering by "detection source" and "MDI"
Check the Advanced hunting section to view the IdentityInfo, IdentityLogonEvents, IdentityQueryEvents and IdentityDirectoryEvents tables; if you are receiving information, that's another sign that it's working
Check Settings > Identities > Sensors tab > check health of your sensors
Check Settings > Identities > Health Issues > check for health alerts
If logging isn't present when you query the advanced hunting tables, then I would say you have some issues
It also could be that, if the config has been applied correctly, you have a very quiet environment (which is a good thing)
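The advanced hunting check described in the reply above, written out as a query (an added example, not part of the original posts). It assumes a 24-hour lookback and covers the three event tables; the variable names `lookback`, `expected` and `seen` are chosen here for illustration.

```kusto
// Added example: per-table ingestion check for the Defender for Identity
// event tables. Paste into Advanced hunting in the Microsoft 365 Defender portal.
let lookback = 24h;   // assumption: widen this for a quiet environment
// Tables we expect the sensors to populate. IdentityInfo is left out because
// it holds account profiles rather than events.
let expected = datatable(SourceTable: string)
[
    "IdentityLogonEvents",
    "IdentityQueryEvents",
    "IdentityDirectoryEvents"
];
// Row count and newest record per table inside the lookback window.
let seen =
    union withsource=SourceTable
        IdentityLogonEvents, IdentityQueryEvents, IdentityDirectoryEvents
    | where Timestamp > ago(lookback)
    | summarize Events = count(), LastSeen = max(Timestamp) by SourceTable;
// Left outer join so a table with no rows still appears, with Events = 0,
// instead of silently dropping out of the result.
expected
| join kind=leftouter seen on SourceTable
| project SourceTable, Events = coalesce(Events, 0), LastSeen
| order by SourceTable asc
```

A row with `Events` at 0 and an empty `LastSeen` means nothing reached that table in the window, which is the "logging isn't present" case from the reply.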
hatommy118
Sep 18, 2023, Copper Contributor
After implementing this, our users are complaining that opening network files such as Adobe and Excel is very slow. Have you experienced this? Please advise.
- BillClarksonAntill, Sep 22, 2023, Iron Contributor
Never experienced slow connectivity, do you have by chance a network engineer who can inspect the traffic ingress/egress?
- hatommy118, Sep 25, 2023, Copper Contributor
Thanks for replying, turns out it was Carbon Black, the timing was impeccable!
- hatommy118, Sep 25, 2023, Copper Contributor
Running the below commands doesn't trigger any alerts, while doing the simulations of an attack. Any ideas why this is?
net group /domain
net group "Domain Admins" /domain
net group "Enterprise Admins" /domain
net group "Schema Admins" /domain