Aug 24 2021 11:28 AM
In defender for Identity, do we need to install the agent on every Domain controller? Is this for redundancy? Documentation really does not say
Aug 24 2021 12:26 PM
Aug 25 2021 02:41 AM - edited Aug 25 2021 02:43 AM
Yes, we suggest you put the sensor on all domain controllers to ensure you capture the most traffic possible. Be advised that using the standalone sensor described above isn't recommended for an entire environment, as it won't capture Event Tracing for Windows data that the natively installed sensor would capture, and as a result, will impact on several detections.