Onboarding Domain Controllers to Microsoft Defender for Identity | Exam AZ-801

Onboard Domain Controllers to Defender for Identity

Question

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains three domain controllers named DC1, DC2, and DC3.

You connect a Microsoft Defender for Identity instance to the domain.

You need to onboard all the domain controllers to Defender for Identity.

What should you run on the domain controllers?

Answers

Explanations


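A. Azure ATP Sensor Setup.exe
B. AzureConnectedMachineAgent.msi
C. MARSAgentInstaller.exe
D. MMASetup-AMD64.exe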

A

Azure ATP uses data from sensors, known as Azure ATP Sensors, that are installed on your domain controllers. The ATP sensors monitor the domain controller network traffic for signs of malicious activity, as well as other security risks such as connections made with weak or insecure protocols.

Incorrect:

Not B: The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers.

Not C: Azure Backup uses the MARS agent to back up files, folders, and system state from on-premises machines and Azure VMs. Those backups are stored in a Recovery Services vault in Azure.

Not D: The Microsoft Monitoring Agent is a service used to watch and report on application and system health on a Windows computer. The Microsoft Monitoring Agent collects and reports a variety of data including performance metrics, event logs and trace information.

The correct answer is A. Azure ATP Sensor Setup.exe.

Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that helps identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions by leveraging on-premises Active Directory signals.

To onboard domain controllers to Defender for Identity, you need to install the Azure ATP sensor on each domain controller. The sensor is a lightweight software component that is responsible for collecting security-related events from the domain controller and sending them to the Defender for Identity cloud service for analysis.

Option A, Azure ATP Sensor Setup.exe, is the correct choice because it is the installer for the Azure ATP sensor. Once you run this installer on each domain controller, it will automatically configure the sensor and start collecting security events.

Option B, AzureConnectedMachineAgent.msi, is not the correct choice because it is the installer for the Azure Arc Connected Machine agent. This agent is used to onboard on-premises Windows and Linux servers, but not domain controllers, to Azure Arc for centralized management.

Option C, MARSAgentInstaller.exe, is not the correct choice because it is the installer for the Microsoft Automated Response and Security (MARS) agent. This agent is used to collect and send security-related events from non-domain controller sources to Defender for Identity, such as member servers and workstations.

Option D, MMASetup-AMD64.exe, is not the correct choice because it is the installer for the Microsoft Monitoring Agent (MMA). This agent is used to collect and send performance data, event logs, and other telemetry data to Azure Monitor and other Microsoft cloud services, but not to Defender for Identity.
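
An unattended install of the sensor on the three domain controllers from the question, followed by a check that the sensor services are running. This is an added example, not part of the original page. It assumes the sensor package from the Defender for Identity portal has been extracted to C:\Temp\AzureATPSensor, that PowerShell remoting to the DCs is available, and that the silent-install switches and service names (AATPSensor, AATPSensorUpdater) match the sensor version in use.

```powershell
# Added example. DC names come from the question; paths and key handling are assumptions.
$dcs       = 'DC1', 'DC2', 'DC3'
$pkgDir    = 'C:\Temp\AzureATPSensor'   # assumed: extracted sensor package (setup exe + config file)
$secure    = Read-Host 'Sensor access key' -AsSecureString
$accessKey = [System.Net.NetworkCredential]::new('', $secure).Password

$results = foreach ($dc in $dcs) {
    $session = New-PSSession -ComputerName $dc
    try {
        # Copy the whole package folder so the installer finds its configuration file beside it.
        Invoke-Command -Session $session { New-Item -ItemType Directory -Path 'C:\Temp' -Force | Out-Null }
        Copy-Item -Path $pkgDir -Destination 'C:\Temp' -Recurse -Force -ToSession $session

        Invoke-Command -Session $session -ScriptBlock {
            # The key is passed on the installer's command line, so it can show up in
            # process-creation logs on hosts where command-line auditing is enabled.
            $key       = $using:accessKey
            $setupArgs = '/quiet', 'NetFrameworkCommandLineArguments="/q"', "AccessKey=`"$key`""
            $p = Start-Process -FilePath 'C:\Temp\AzureATPSensor\Azure ATP Sensor Setup.exe' `
                               -ArgumentList $setupArgs -Wait -PassThru

            # Verify that both sensor services exist and are running after setup returns.
            $svc = Get-Service -Name 'AATPSensor', 'AATPSensorUpdater' -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ExitCode = $p.ExitCode
                Services = ($svc | ForEach-Object { "$($_.Name)=$($_.Status)" }) -join ', '
                Healthy  = ($p.ExitCode -eq 0) -and ($svc.Count -eq 2) -and
                           -not ($svc | Where-Object Status -ne 'Running')
            }
        }
    }
    finally {
        Remove-PSSession $session
    }
}

# Drop the plaintext key from the local session once every DC has been processed.
Remove-Variable accessKey
$results | Select-Object PSComputerName, ExitCode, Services, Healthy | Format-Table -AutoSize
```

A domain controller that reports Healthy = False needs its setup log and service state reviewed before it is counted as onboarded.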