MDI Sensor installation is the Part 05 of the Microsoft Defender for Identity blog series. So far we learned about following about MDI,
Part 01 – MDI Overview
Part 02 – Create Directory Service Account
Part 03 – Collect Windows Events
Part 04 – Network Requirements
In this blog post, I am going to demonstrate how to enable a MDI instance and then install the first MDI sensor in the environment. Before we go into the deployment we need to make sure we have the following in place,
Prerequisites
1) Global Administrator or Security Administrator account in the tenant.
2) Microsoft Defender for Identity Licences – More info about this is available on https://docs.microsoft.com/en-us/defender-for-identity/technical-faq#licensing-and-privacy
3) Microsoft defender for identity prerequisites – This is covered by Part 02 to Part 04 in this blog series.
Setup Microsoft Defender for Identity Instance
Before we go into the sensor setup, we need to create an MDI instance. To setup MDI instance,
1) Log in to the MDI portal https://portal.atp.azure.com/ as Global / Security Administrator.
2) Then click on Create.
3) MDI instance creation process will take a few minutes to complete. After that, you can see the following window,
4) As we can see above, the first task is to provide DSA account details. To configure this, click on Provide a username and password link.
5) In part 02 of this blog series we have created a new DSA account and it is time to use that info to connect MDI to Active Directory. In the form, type the manager service account name in the Username field. Then tick Group managed service account option. After that type the AD domain name in the Domain field.
6) Finally, to apply settings, click on Save.
[Continue reading] about Microsoft Defender for Identity Part 05 – MDI Sensor installation