SOLVED

ADFS Sensor / WID / SQL


I've installed sensors on our domain controllers and am getting information as expected in the portal. Now I am about to do our ADFS servers.

From the prerequisites quickstart (Install Microsoft Defender for Identity sensor quickstart | Microsoft Docs), we are told that ADFS SQL should be configured to give connect, log in, read and select rights to the directory service account.

My question: We don't use SQL Server for ADFS, we use WID - does this requirement still apply?

3 Replies
best response confirmed by Philip Leighton (New Contributor)
Solution
You need to give the same permissions to WID instead.
Contact Support for help on how exactly to do that.

I will indeed - thanks for your help.
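
One way to give the directory service account the connect, log in, read and select rights on a WID-hosted AD FS database, as an added example that is not part of the original thread or of Microsoft's own instructions. The account name `CONTOSO\mdiSvc01` is a placeholder, and the database name `AdfsConfigurationV4` is an assumption that varies with the AD FS version, so confirm both on your farm before running it from an elevated session on the AD FS server.

```powershell
# Added example (not from the thread). Grants read-only access, nothing more.
$Account  = 'CONTOSO\mdiSvc01'       # placeholder: your directory service account
$Database = 'AdfsConfigurationV4'    # assumption: check the name on your AD FS version

# Refuse values that could break out of the [bracketed] identifiers below.
foreach ($v in $Account, $Database) {
    if ($v -notmatch '^[\w\\\$\.\-]+$') { throw "Unexpected characters in '$v'" }
}

$grant = @"
USE [master];
-- "log in": a Windows login for the account on the WID instance
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$Account')
    CREATE LOGIN [$Account] FROM WINDOWS WITH DEFAULT_DATABASE = [master];
USE [$Database];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$Account')
    CREATE USER [$Account] FOR LOGIN [$Account];
ALTER ROLE [db_datareader] ADD MEMBER [$Account];   -- "read"
GRANT CONNECT TO [$Account];                        -- "connect"
GRANT SELECT TO [$Account];                         -- "select"
"@

# Permissions and role memberships actually held afterwards, for review.
$verify = @"
USE [$Database];
SELECT pr.name AS principal, pe.permission_name AS granted, pe.state_desc AS state
FROM sys.database_permissions pe
JOIN sys.database_principals pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'$Account' AND pe.class = 0
UNION ALL
SELECT m.name, 'role: ' + r.name, 'MEMBER'
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'$Account';
"@

# WID listens only on a local named pipe; connect as the current admin.
$conn = New-Object System.Data.SqlClient.SqlConnection(
    'server=\\.\pipe\MICROSOFT##WID\tsql\query;database=master;trusted_connection=true;')
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $grant
    [void]$cmd.ExecuteNonQuery()

    $cmd.CommandText = $verify
    $table = New-Object System.Data.DataTable
    $table.Load($cmd.ExecuteReader())
    $table | Format-Table -AutoSize
}
finally { $conn.Dispose() }
```

The verification output should list only CONNECT, SELECT and the db_datareader membership for the account; anything beyond that is more than the sensor prerequisite asks for.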