This offering achieves an MDI non-production pilot to illuminate the identity threat environment within the enterprise and joins the response capabilities with the Azure security cloud.
Deliverables: • Provide recommendations to create a Group Managed Service Account (gMSA) to authenticate the Microsoft Defender for Identity sensors • Download and deploy Microsoft Defender for Identity sensors to non-production Domain Controllers • Configure exclusions, notifications, and schedule assessment reports • Configure sign-in and user risk based Conditional Access policies
Scope included: o Configuration of Microsoft Defender for Identity in the production environment o Quick Start deliverables o Deployment of Microsoft Defender for Identity sensors to production Domain Controllers o Attack simulations (up to 4 use cases) o Configuration of exclusions, notifications, and schedule assessment reports o Review of the OOTB ingestion into Microsoft Sentinel