Product feedback for Defender for Identity
Hi all, We would love for you to share your thoughts, feedback, and experiences using Defender for Identity. You can share them on Gartner Peer Insights by using this link. Your review will help us get the word out and continue to improve our solution. If you're asked to create an account, please be aware that this is to ensure the legitimacy of the review, and Microsoft will not be given any information on the folks who've submitted reviews, positive or otherwise. Defender for Identity doesn't have any reviews at the moment, so I'd love to see us populate this using the input from this community. I'm always impressed with the feedback we get through these channels. And if you have any questions or comments, let me know!
Reconnaissance using Directory Services queries
Hi, I observe SAMR queries from some servers and desktops to Domain controller for various user accounts. So whenever it's a admin account it triggers the Reconnaissance using Directory Services queries alert on ATA(Microsoft Advanced Threat Analytics). For the investigation I tried to use https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide but not sure how to investigate the below? Are such queries supposed to be made from the source computer in question? What can be the legitimate cases for SAM-R queries ? Note : This is not related to Lenovo issue with SAMR or WaAppAgent.exe Thanks,
