Event banner

Microsoft Defender for Identity AMA

Event Ended

Wednesday, Jun 29, 2022, 09:00 AM PDT

In-Person

Event details

We are very excited to announce our Microsoft Defender for Identity AMA! An AMA is a live text-based online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. This AMA giv...

Trevor_Rusher

Updated Jun 29, 2022

microsoft defender for identity

PeterJoInobits

Brass Contributor

Jun 29, 2022

How does MDI correlate with the Sentinel Insecure Protocol workbook? For example if i enable all the audit settings that are mentioned in the Secure Protocols workbook will I able to track and report on those protocols straight out of MDI or will I still need to spin up a Sentinel instance.

Or Tsemah

Iron Contributor

Jun 29, 2022

While there is no immediate correlation for MDI with that specific Sentinel workbook, MDI has various security assessments, including detection of NTLMv1 and LDAP Simple Bind activities that is also used on that workbook, you can find them all in Microsoft Secure Score feature at the Microsoft 365 Defender portal (Filter for Defender for identity)

PeterJoInobits
Brass Contributor
Jun 29, 2022
Does that have a requirement for that requisite auditing to be enabled as with the Sentinel Workbook.. I have a customer who has required to be able to report on things such as PlainText LDAP etc. but is const sensitive especially w.r.t Sentinel
- Or Tsemah
  Iron Contributor
  Jun 29, 2022
  Yes, a couple of non default audit configurations on the DCs are required, see here https://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection

Date and Time

Jun 29, 20229:00 AM - 10:00 AM PDT