SOLVED

Is RDP for NNR from MDI Sensors necessary?


I am looking to see how important it is to use RDP for NNR specific to MDI. After looking at the posts here and MS documentation, it suggests that all 3 methods (NTLM over RPC, NetBIOS and RDP) should be allowed to all endpoints. We do have many systems behind FWs that do not allow this protocol. I also see that there is an option to disable an optional NNR method in Defender for Identity to fit the needs of your environment (support ticket required).

My question is: what is the impact (what am I losing) if I disable the RDP methodology, assuming the other 2 are functioning as expected?

Thanks in advance for your consideration.

3 Replies
best response confirmed by MarshMadness (Copper Contributor)
Solution
Removing NNR methods potentially reduces the resolution success rate. If the other 2 are really working fine at a high rate, it will be OK to disable RDP. Support can help you check using telemetry if indeed this is the case...

@Eli Ofek 

One of our customers is also reluctant to enable RDP. Is there any way we can check the efficiency of the other methods ourselves, or is a support case the only option to get telemetry data?

@Alex Verboon 
Support case is the only way.
