I know Microsoft Defender for Identity has a report for 'Modifications to Sensitive Groups' but is there a way to get a list of entities in these sensitive groups? We're looking to compile a list for 'tagging' in the SIEM.
Is there anyway to get this list Defender for Identity? Or would it be best to grab the ADModule and try some queries? We do have multiple forests and multiple domains.
Not at the moment, but it is something we are planning to add (no ETA yet), the only thing you can do is query the "Group Membership Changed" activity in advanced hunting
