Forum Discussion
NNR When Coming through "NAT"
- We do have some features where we sometimes can give clues about the machine name, but it's not always possible, as it's usually protocol dependent.
MicrosoftWhat is exactly the problem you see?
EliOfek - Not a major problem, really, just that I would prefer the hosts be able to be resolved. In conjunction with some other tools and logs, we can in many cases go back and determine the host if needed.
Hunting through the raw data Defender for Identity provides to CloudAppSecurity, Office365, and Sentinel has proven helpful. This has come mostly in the form of "you shouldn't be doing that" type of policy violations, but also shows where there are some apps that are not configured correctly. I'm not directly concerned (too much) with DFI's direct ability to detect. I do miss having some of that host data there in the raw logs, but this isn't specifically a DFI issue but one that comes from NAT being used. Wanted more to see if there are any thoughts/ideas around this. I'm not sure there is a real trivial solution or one at all, just normal difficulty of dealing with NATs/Proxys/Load Balancers.- EliOfekWe do have some features where we sometimes can give clues about the machine name, but it's not always possible, as it's usually protocol dependent.
