Provide Implementation steps and best practices for Configuring Defender for Identity on on-prem AD Domain Controllers and/or AD Federation Services &/or AD Certificate Services
Defender for Identity enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
• Monitor users, entity behavior, and activities with learning-based analytics
• Protect user identities and credentials stored in Active Directory
• Identify and investigate suspicious user activities and advanced attacks throughout the kill chain
• Provide clear incident information on a simple timeline for fast triage
As part of securing your Identity, in this offer Bulletproof will:
• Configure required permissions for the Microsoft 365 Defender experience and Role Groups if needed
• Enable Microsoft Defender for Identity instance
• If needed, configure endpoint proxy and Internet connectivity settings for your Microsoft Defender for Identity sensor
• Plan capacity for Microsoft Defender for Identity deployment
• Configure domain service account DSA or gMSA
• Install Sensor on Domain Controllers
• Configure Windows Event Collection
• Configure Microsoft Defender for Identity action accounts
• Integrate MDI and other Defender solutions if needed
• Enable Azure Sentinel Data Connector if needed
• Configure Sensitive users and Honeytoken accounts
• Configure SAM-R to enable lateral movement path detection in Microsoft Defender for Identity
Who will benefit the most out of this implementation:
• Customers with E5 or MDI standalone licenses who need help in implementation
• Customers who need to know what are the benefits of using Defender for Identity
• Customers who are exploring the use of Sentinel, and needs to enable all the Defender suite solutions to get full value of the Microsoft Defender suite.
• Customers who are in their journey in securing identities on-prem and in the cloud