Mar 25 2021 07:10 AM - edited Mar 25 2021 07:11 AM
Problem: my ADFS servers are not tagged as "sensitive", as opposed to the announcement made in "Tag the AD FS as a sensitive entity further enhances protection" on https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-defender-for-identity-expand...
Any idea, why the AD FS servers in the Microsoft Defender for Identity portal are not automatically tagged as sensitive?
Mar 25 2021 10:19 AM
Mar 25 2021 10:50 AM - edited Mar 25 2021 11:30 AM
> For sensor installations on AD FS servers, if you are using an external SQL server,
> configure the SQL server to allow the Directory service account (Configuration >
> Directory services > Username) connect, log in, read, and select permissions to the
> AdfsConfiguration database.
I read these instructions you're referring to, but as we do use WID and not an external SQL server, I expected that it should work without additional steps.
Can you/anyone confirm that this step is a prerequisite for ADFS using WID (+ gMSA) too?
Mar 26 2021 08:04 AM - edited Mar 26 2021 08:08 AM
@ophir_grinstein thank you for your answers so far!
Now we have:
- granted read/select permissions to the Directory Service account (gMSA) on the AD FS database (WID)
- un-/installed MDI sensor on both AD FS servers
but unfortunately this has not resulted in any change; the servers are still not automatically tagged as sensitive.
Is there something else we can check or adapt?
In the log file "C:\Program Files\Azure Advanced Threat Protection Sensor\2.143.13969.43847\Logs\Microsoft.Tri.Sensor.log" we do see some warnings:
2021-03-26 14:25:37.9381 Warn JsonSerializerSettingsExtension+JsonSerializationBinder GetTypeFromName [typeName=GetSensorComputerIpAddressAssertionsResponse]
2021-03-26 14:25:37.9538 Warn DirectoryServicesResolver SynchronizeAdfsServerDnsNamesAsync DomainId= CoveredDomainCount=1
2021-03-26 14:25:38.0164 Warn DirectoryServicesResolver UpdateSensitiveServersAsync [identifier=queriedAdfsServerDnsNames serverDnsNames=ADFS-SERVER-1;ADFS-SERVER-2]
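As an added example (not from the thread or Microsoft's documentation), the grant from the first bullet above written as T-SQL against the local WID instance. The gMSA name CONTOSO\mdiSvc$ and the WID named-pipe path are assumptions; the script is run locally on the AD FS server as a local administrator.

```sql
-- Added example: grant the MDI Directory Service account (a gMSA) connect +
-- select access to the AD FS configuration database hosted in WID.
-- Assumptions: gMSA is CONTOSO\mdiSvc$ (placeholder); run locally on the
-- AD FS server as a member of local Administrators, for example:
--   sqlcmd -S np:\\.\pipe\MICROSOFT##WID\tsql\query -E -i grant-mdi-wid.sql
USE [master];
GO
-- Server-level login so the account can log in to the WID instance.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\mdiSvc$')
    CREATE LOGIN [CONTOSO\mdiSvc$] FROM WINDOWS;
GO
USE [AdfsConfiguration];
GO
-- Database user mapped to that login.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\mdiSvc$')
    CREATE USER [CONTOSO\mdiSvc$] FOR LOGIN [CONTOSO\mdiSvc$];
GO
-- Least privilege: connect plus read-only (db_datareader grants SELECT on
-- every table); do not add the account to db_owner.
GRANT CONNECT TO [CONTOSO\mdiSvc$];
ALTER ROLE [db_datareader] ADD MEMBER [CONTOSO\mdiSvc$];
GO
-- Verification: the account should appear once, mapped to db_datareader.
SELECT dp.name, dp.type_desc, r.name AS role_name
FROM sys.database_principals dp
LEFT JOIN sys.database_role_members rm ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals r  ON r.principal_id = rm.role_principal_id
WHERE dp.name = N'CONTOSO\mdiSvc$';
GO
```

In a WID farm the sensor on each node reads that node's local WID, so the grant has to exist on every AD FS server that runs a sensor.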