cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Defender for Identity

hatommy118
Copper Contributor

‎Sep 13 2023 11:48 AM

‎Sep 13 2023 11:48 AM

Microsoft Defender for Identity

I have implemented this, but how do I know it's working?  The reports don't have a lot of information.  

Also, I have remedy the Global health issues per the links provided, but how do we know it's really remedied?  I close the alerts, but how do I know it's working the way it should?  

 

Thanks,

Tommy

272 Views
1 Like
6 Replies
Reply
6 Replies
BillClarksonAntill

‎Sep 14 2023 10:33 PM

‎Sep 14 2023 10:33 PM

Re: Microsoft Defender for Identity

few ways you can check, in the Microsoft 365 Defender portal

Check to see if there are any alerts being generated by the Defender for identity by filtering by "detection source" and "MDI"

Check the advanced Hunting section to view the Identityinfo, IdentityLogonEvents, IdentityqueryEvents and IdentityDirectoryEvents if you are receiving information that's another sign that its working

Check Settings > Identities > Sensors Tab > check health of your sensors
Check Settings > Identities > Health Issues > check for health alerts

If logging isnt present when you query the advanced hunting table, then I would say u have some issues
It also could be if config has been applied correctly, you have a very quiet environment (which is a good thing)
2 Likes
Reply
Antons Bukels

‎Sep 14 2023 10:54 PM

‎Sep 14 2023 10:54 PM

Re: Microsoft Defender for Identity

@hatommy118, you could use MDI Attack simulations to learn about detections and test some scenarios Attack simulations - Microsoft Defender for Identity | Microsoft Learn

1 Like
Reply
hatommy118

‎Sep 18 2023 02:05 PM

‎Sep 18 2023 02:05 PM

Re: Microsoft Defender for Identity

After implementing this, our users are complaining opening network files such as adobe and excel is very slow. Have you experience this? Please advise.
0 Likes
Reply
BillClarksonAntill

‎Sep 22 2023 09:17 PM

‎Sep 22 2023 09:17 PM

Re: Microsoft Defender for Identity

@hatommy118 

 

Never experienced slow connectivity, do you have by chance a network engineer who can inspect the traffic ingress/egress?

0 Likes
Reply
hatommy118

‎Sep 25 2023 06:23 AM

‎Sep 25 2023 06:23 AM

Re: Microsoft Defender for Identity

Thanks for replying, turns out it was Carbon Black, the timing was impeccable!
0 Likes
Reply
hatommy118

‎Sep 25 2023 08:28 AM

‎Sep 25 2023 08:28 AM

Re: Microsoft Defender for Identity

Running the below commands doesn't trigger any alerts, while doing the simulations of an attack. Any ideas why this is?

net group /domain
net group "Domain Admins" /domain
net group "Enterprise Admins" /domain
net group "Schema Admins" /domain

0 Likes
Reply