cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Find out more

Microsoft Defender for Identity standalone sensors

JILIN_RAJU
Copper Contributor

‎Oct 27 2023 03:19 AM - edited ‎Oct 27 2023 03:19 AM

‎Oct 27 2023 03:19 AM - edited ‎Oct 27 2023 03:19 AM

Microsoft Defender for Identity standalone sensors

Hi 

 

 Current scenario: we are forwarding domain control security logs to another server(windows machine) via the "WEF configuration ".  We have logs in forwarded events ( event viewer).

In future if am installing an identity sensor on a standalone method should I configure port mirroring and Directory services accounts? is that a mandatory configuration for the stand-alone sensor?

 

 

440 Views
0 Likes
1 Reply
Reply
1 Reply
eliekarkafy

‎Oct 27 2023 09:15 AM

‎Oct 27 2023 09:15 AM

Re: Microsoft Defender for Identity standalone sensors

In your scenario yes and you refer to the below documentation

https://learn.microsoft.com/en-us/defender-for-identity/configure-port-mirroring

Side Note : Defender for Identity standalone sensors do not support the collection of Event Tracing for Windows (ETW) log entries that provide the data for multiple detections. For full coverage of your environment, we recommend deploying the Defender for Identity sensor.
0 Likes
Reply