Forum Discussion

Kacper_Burdzy
Copper Contributor
Feb 06, 2023

Defender for Identity integration with Microsoft Defender for Endpoint

Hi, a few weeks ago we were able to get Defender for Identity up and running on our domain controllers. After that, I wanted to run the integration with Defender for Endpoint at security.microsoft.com. Settings->Endpoints->Advanced Features->Microsoft Defender for Identity integration.

Since then, the status has been pending all the time. Does anyone know what the prerequisites for this integration are? I couldn't find any information on this. We have deployed Defender for Endpoint on our Windows 10 endpoints and Windows Servers, as we wanted to take full advantage of both tools for collecting logs. I've already tried unchecking and re-checking that option several times.

Next to this option there is a message "Feature has not been fully enabled. Enable integration on the Advanced Threat Analytics portal." and the hyperlink leads me here

https://www.microsoft.com/en-us/security/business/SIEM-and-XDR/microsoft-defender-for-identity

All our sensors are healthy. Recently we have also enabled Integration with Cisco ASA for collecting accounting events. 


2 Replies

  • It sounds like you've already done a lot of the necessary work for integrating Microsoft Defender for Identity with Microsoft Defender for Endpoint. However, there might be a few more steps you need to take or check to ensure the integration is successful.

    1- Ensure that both services are licensed and enabled: Check if you have the necessary licenses for both Microsoft Defender for Endpoint and Microsoft Defender for Identity. Additionally, ensure that both services are enabled in your environment.

    2- Check your Microsoft Defender for Endpoint tenant's settings: Ensure that your tenant has been onboarded to Microsoft Defender for Endpoint and that the tenant is correctly set up.

    3- Verify the integration settings in the Microsoft Defender for Identity portal: Log in to the Microsoft Defender for Identity portal, and navigate to Configuration > Integration > Microsoft Defender for Endpoint. Verify that the integration is enabled.

    4- Verify the identity of the user performing the integration: Make sure the user attempting to enable the integration has the necessary permissions. The user should have the Global Administrator or Security Administrator role in the Microsoft Defender for Endpoint portal.

    5- Check firewall and network connectivity: Ensure that the necessary firewall ports are open, and there is network connectivity between the Microsoft Defender for Identity instance and the Microsoft Defender for Endpoint portal.

    If you've checked all of these prerequisites and are still experiencing issues, you might want to consider reaching out to Microsoft Support for further assistance. They can help troubleshoot any issues that might be specific to your environment or configuration.
  • Kacper_Burdzy
    Copper Contributor
    Got a reply from Microsoft.

    "This control has no impact anymore as MDI & O365 TI are part of M365D platform,
    This pending state can be ignored.
    Product Engineering team is already aware of this User Interface and they have added this task in their list to remove this from the portal UI."
