SOLVED

Is RDP for NNR from MDI Sensors necessary?


I am looking to see how important it is to use RDP for NNR, specifically for MDI. After looking at the posts here and the MS documentation, they suggest that all 3 methods (NTLM over RPC, NetBIOS and RDP) should be allowed to all endpoints. We do have many systems behind firewalls that do not allow this protocol. I also see that there is an option to disable an optional NNR method in Defender for Identity to fit the needs of your environment (support ticket required).

My question is: what is the impact (what am I losing) if I disable the RDP methodology, assuming the other 2 are functioning as expected?

 

Thanks in advance for your consideration.

Best Response confirmed by MarshMadness (Occasional Contributor)
Removing NNR methods potentially reduces the resolution success rate. If the other 2 are really working fine at a high rate, it will be OK to disable RDP. Support can help you check using telemetry if indeed this is the case...

@Eli Ofek 

One of our customers is also reluctant to enable RDP. Is there any way we can check the efficiency of the other methods ourselves, or is a support case the only option to get telemetry data?

@Alex Verboon 
Support case is the only way.