Configuring Microsoft Defender for Identity on Microsoft 365 Subscription E5

Deploying Microsoft Defender for Identity

Question

You have a Microsoft 365 E5 subscription.

You have the following servers:

Domain Controller: Windows Server 2016

SQL Server: Windows Server 2019

Member Server: Windows Server 2016

Considerations: No software should be installed on the Domain Controller.

To protect your organization against threats, you decide to deploy Microsoft Defender for Identity. How would you configure this?

Answers

Explanations

A. B. C. D.

Correct Answer: D

Since we are not allowed to install the ATP Sensor directly on the domain controller, we must install the ATP Standalone sensor on the Member Server.

Configure port mirroring for the domain controller to be monitored.

Recommendation: Set up event forwarding from the domain controller to get the Windows Event Logs.

Option A is incorrect.

We are not allowed to install anything on the domain controller.

Option B is incorrect.

We must install the Standalone sensor to be able to send traffic through port mirroring.

Option C is incorrect.

We are not allowed to install anything on the domain controller.

To learn more about Defender for Identity prerequisites, please refer to the link below:

As a security administrator, you want to deploy Microsoft Defender for Identity to protect your organization against threats. However, you need to make sure that you don't install any software on the Domain Controller as per your considerations.

Microsoft Defender for Identity provides two types of sensors: the ATP Sensor and the ATP Standalone sensor. The ATP Sensor is an agent-based solution that is installed directly on the server it monitors, where it analyzes that server's network traffic. The ATP Standalone sensor is a network traffic sensor that is installed on a separate server and receives the monitored server's traffic through a mirror port on your network switch.

Given the considerations, the best approach would be to install the ATP Standalone sensor on the Member Server. The reason for this is that the Member Server is not the Domain Controller, and it is also running Windows Server 2016, which is compatible with the ATP Standalone sensor.

Option A, which is to install the ATP Sensor on the Domain Controller, is not recommended as per your considerations. You want to avoid installing any software on the Domain Controller.

Option C, which is to install the ATP Standalone sensor on the Domain Controller, is also not recommended as per your considerations. You want to avoid installing any software on the Domain Controller.

Option D, which is to install the ATP Standalone sensor on the Member Server, is the correct option as it satisfies your considerations and ensures that your organization is protected against threats.

In summary, the best approach for configuring Microsoft Defender for Identity in this scenario would be to install the ATP Standalone sensor on the Member Server.