MDI sensors required on ADFS WAP servers?

Occasional Contributor



Is the MDI sensor required on the ADFS WAP servers, or will installing them on the regular ADFS servers be sufficient?

Our WAP servers are not domain joined, so not sure how that would work with the Directory Service accounts, on the regular ADFS servers the agent would not start until it had access to the gMSA account.

4 Replies
best response confirmed by Joachim83 (Occasional Contributor)
No you do not need to install it the WAP servers

@Bjarne Abraham  And exactly why not? I mean, activity on the WAP may not reach ADFS, hence you miss these signals of possible malicious actions.

One do not install MDI sensors on servers that does not hand out keys to the kingdom.
I don't agree. If somebody is knocking at the front door I would like to know. I am not only protecting the fridge ;) (Zero trust, you know)