Monitoring AAD Connect


Does MDI have any special functionality for monitoring AAD Connect servers?

Should MDI be installed on AAD Connect Servers? If not, why not?

3 Replies
No, MDI is not supported for AAD Connect Servers. Only Domain Controllers and AD FS Servers. https://docs.microsoft.com/en-us/defender-for-identity/architecture#defender-for-identity-components
Thanks for the confirmation. Given that it’s a Tier 0 resource, I wonder why not. Do you think that it should be?

@Dean Gross If it's like the older on-premise ATA, then they use some of the same components, so it would cause a conflict in operation in certain configs and cause an issue with both products. I would see no main value from the identities, as you are getting the info from the on-prem AD servers and the Azure AAD logs, so it would just be duplication of events if AAD Connect servers had the MDI agent installed. And the HIDS part would have no value, as no workstations directly talk to the AAD Connect server; it's more of a pull-the-info-from-on-prem-and-push-to-365 service.

If it is just to monitor whether there is an issue with the server, then there is a base monitor that shows in the Office 365 portal that shows the last sync, but you can always use Log Analytics/Sentinel with an MMA agent to monitor the server and trigger an alert when there is an issue with the AAD Connect server.
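The Log Analytics/Sentinel approach suggested in the reply above, as an added example that is not part of the thread: a KQL query suitable for a scheduled analytics rule that fires when the AAD Connect host stops reporting or writes sync errors to its Application log. The hostname `AADCONNECT01`, the 15-minute staleness window and the event source name `Directory Synchronization` are assumptions to adjust for your environment.

```kusto
// Added example (not from the thread). Assumes the AAD Connect server reports to the
// workspace through the MMA agent, so Heartbeat and Event tables contain its records.
let aadConnectHost = "AADCONNECT01";   // constructed placeholder hostname
let staleAfter = 15m;                  // assumed acceptable heartbeat gap
let errorWindow = 1h;                  // assumed lookback for sync events
// 1. Agent heartbeat missing: server down, agent stopped, or network path broken.
let missingHeartbeat = Heartbeat
    | where Computer =~ aadConnectHost
    | summarize LastSeen = max(TimeGenerated)
    | where LastSeen < ago(staleAfter)
    | project Reason = "No heartbeat from AAD Connect host",
              Detail = strcat("last seen ", LastSeen);
// 2. AAD Connect sync warnings/errors in the Application log.
//    "Directory Synchronization" is the assumed event source written by AAD Connect.
let syncErrors = Event
    | where TimeGenerated > ago(errorWindow)
    | where Computer =~ aadConnectHost
    | where EventLog == "Application" and Source == "Directory Synchronization"
    | where EventLevelName in ("Error", "Warning")
    | project Reason = strcat("Sync event ", tostring(EventID), " (", EventLevelName, ")"),
              Detail = RenderedDescription;
// Any row returned should raise an incident; the Reason column drives the alert title.
missingHeartbeat
| union syncErrors
```

Run the rule on a short schedule (for example every 15 minutes with a matching lookback) so a silent host is noticed promptly; the heartbeat branch covers the case where the server is down and therefore cannot log any sync error at all, which the Office 365 portal's last-sync indicator surfaces only after its own threshold.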