SOLVED

MDI sensors required on ADFS WAP servers?

Copper Contributor

Hi

 

Is the MDI sensor required on the ADFS WAP servers, or will installing them on the regular ADFS servers be sufficient?

Our WAP servers are not domain joined, so not sure how that would work with the Directory Service accounts, on the regular ADFS servers the agent would not start until it had access to the gMSA account.

4 Replies
best response confirmed by Joachim83 (Copper Contributor)
Solution
No you do not need to install it the WAP servers

@bjarneabraham  And exactly why not? I mean, activity on the WAP may not reach ADFS, hence you miss these signals of possible malicious actions.

One do not install MDI sensors on servers that does not hand out keys to the kingdom.
I don't agree. If somebody is knocking at the front door I would like to know. I am not only protecting the fridge 😉 (Zero trust, you know)
1 best response

Accepted Solutions
best response confirmed by Joachim83 (Copper Contributor)
Solution
No you do not need to install it the WAP servers

View solution in original post