Microsoft Defender for Identity standalone sensors

Copper Contributor

Hi 

 

 Current scenario: we are forwarding domain control security logs to another server(windows machine) via the "WEF configuration ".  We have logs in forwarded events ( event viewer).

In future if am installing an identity sensor on a standalone method should I configure port mirroring and Directory services accounts? is that a mandatory configuration for the stand-alone sensor?

 

 

1 Reply
In your scenario yes and you refer to the below documentation

https://learn.microsoft.com/en-us/defender-for-identity/configure-port-mirroring

Side Note : Defender for Identity standalone sensors do not support the collection of Event Tracing for Windows (ETW) log entries that provide the data for multiple detections. For full coverage of your environment, we recommend deploying the Defender for Identity sensor.