defender for identity sensor install

%3CLINGO-SUB%20id%3D%22lingo-sub-2680392%22%20slang%3D%22en-US%22%3Edefender%20for%20identity%20sensor%20install%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2680392%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20defender%20for%20Identity%2C%20do%20we%20need%20to%20install%20the%20agent%20on%20every%20Domain%20controller%3F%26nbsp%3B%20Is%20this%20for%20redundancy%3F%26nbsp%3B%20Documentation%20really%20does%20not%20say%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2680625%22%20slang%3D%22en-US%22%3ERe%3A%20defender%20for%20identity%20sensor%20install%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2680625%22%20slang%3D%22en-US%22%3EYou%E2%80%99ll%20want%20to%20install%20the%20Defender%20for%20Identity%20sensor%20on%20each%20DC%20as%20it%E2%80%99ll%20monitor%20local%20network%20connections%20on%20those%20DCs.%20Failing%20to%20do%20so%20may%20result%20in%20missing%20important%20information%20for%20a%20subset%20of%20your%20AD.%3CBR%20%2F%3E%3CBR%20%2F%3EAlternatively%20you%20can%20also%20set%20up%20the%20standalone%20sensor%2C%20but%20it%20would%20require%20port%20mirroring%20for%20the%20standalone%20server%20to%20capture%20network%20traffic%20of%20the%20domain%20controllers.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2682579%22%20slang%3D%22en-US%22%3ERe%3A%20defender%20for%20identity%20sensor%20install%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2682579%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20we%20suggest%20you%20put%20the%20sensor%20on%20all%20domain%20controllers%20to%20ensure%20you%20capture%20the%20most%20traffic%20possible.%20Be%20advised%20that%20using%20the%20standalone%20sensor%20described%20above%20isn't%20recommended%20for%20an%20entire%20environment%2C%20as%20it%20won't%20capture%20Event%20Tracing%20for%20Windows%20data%20that%20the%20natively%20installed%20sensor%20would%20capture%2C%20and%20as%20a%20result%2C%20will%20impact%20on%20several%20detections.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

In defender for Identity, do we need to install the agent on every Domain controller?  Is this for redundancy?  Documentation really does not say

4 Replies
You’ll want to install the Defender for Identity sensor on each DC as it’ll monitor local network connections on those DCs. Failing to do so may result in missing important information for a subset of your AD.

Alternatively you can also set up the standalone sensor, but it would require port mirroring for the standalone server to capture network traffic of the domain controllers.

Yes, we suggest you put the sensor on all domain controllers to ensure you capture the most traffic possible. Be advised that using the standalone sensor described above isn't recommended for an entire environment, as it won't capture Event Tracing for Windows data that the natively installed sensor would capture, and as a result, will impact on several detections. 

Thank you.
Thank you.