Feb 24 2021 08:35 AM - edited Feb 24 2021 11:51 AM
It appears that guidance on MDI Sensor vs Standalone Sensor has shifted towards discouraging Standalone sensors altogether. Standalone is now lacking functionality, while all the older materials highlighting its benefits have been removed. (E.g. higher stability/throughput; better security and separation of duties, especially when deployed as a member of a Workgroup etc.)
This begs the question - is Standalone on its way out? And what are the use cases you still believe it is best suited for?
Thank you!
Feb 24 2021 01:18 PM
@MDIAdminMax
Integrated is clearly superior to standalone because it has many more data sources we can use to do detection and add additional security.
Using a Workgroup standalone is better security-wise only in theory, assuming that it will be maintained and patched at the same level as a domain-joined machine. In most cases it is not...
There is no throughput change compared to integrated, but there is a possible scale issue if your DC is limited to scaling up, and your current spec will not allow the additional resources needed for the sensor (old physical machine for example).
As of today, only 3.19% of sensors we have are standalone. The number keeps dropping monthly.
For now there is no planned decision to remove this option, but in theory this can happen some time in the future once this number goes down to a ridiculous number...
The advice is clear - use Integrated whenever possible, use standalone as a last option.
May 09 2022 11:52 PM
Hey @Eli Ofek,
Do you have current data on the % of sensors that are standalone? I am trying to discourage all customers from doing this, but some have concerns about allowing any internet traffic to DCs. It would be useful to get a steer about the roadmap of this, supportability, etc.
Thanks!
May 10 2022 01:33 AM
You don't need to allow any internet traffic from the DCs; you can use a proxy to allow only the specific URL for the sensors API (as described on Configure your proxy or firewall to enable Microsoft Defender for Identity communication with the se...)
As for the % of standalone sensors, we see less than 0.5% worldwide.