
MDI sensors required on ADFS WAP servers?

Is the MDI sensor required on the ADFS WAP servers, or will installing them on the regular ADFS servers be sufficient?

Our WAP servers are not domain joined, so I'm not sure how that would work with the Directory Service accounts. On the regular ADFS servers, the agent would not start until it had access to the gMSA account.

4 Replies
best response confirmed by Joachim83 (Copper Contributor)
No, you do not need to install it on the WAP servers.

@bjarneabraham And exactly why not? I mean, activity on the WAP may not reach ADFS, hence you miss these signals of possible malicious actions.

One does not install MDI sensors on servers that do not hand out keys to the kingdom.
I don't agree. If somebody is knocking at the front door I would like to know. I am not only protecting the fridge ;) (Zero trust, you know)