Microsoft Defender for Identity is a critical security solution that helps protect your organization against identity-based attacks. This comprehensive guide will walk you through the quick installation process to get your Defender for Identity sensors up and running on your Active Directory, Active Directory Federation Services (AD FS), and Active Directory Certificate Services (AD CS) servers.

Prerequisites

Before you begin the installation, it’s important to ensure you have the necessary prerequisites in place:

Licensing Requirements

Make sure you have one of the following licenses to use Microsoft Defender for Identity:

  • Microsoft 365 E5 or Microsoft 365 E5 Security
  • Microsoft Defender for Identity standalone license

For more details on licensing, check the Licensing and Privacy FAQs.

Required Permissions

To create your Defender for Identity workspace, you’ll need a Microsoft Entra ID tenant with at least one Security Administrator. You’ll need at least Security Administrator access on your tenant to access the Identity section of the Microsoft Defender XDR Settings area and create the workspace.

Minimum System Requirements

Installing a Defender for Identity sensor requires a minimum of 2 cores, 6 GB of RAM, and 6 GB of disk space on your domain controller. If running as a virtual machine, all memory must be allocated to the VM at all times. For more details, see the Plan capacity for Microsoft Defender for Identity deployment guide.

Check Network Connectivity

Verify that the servers you intend to install Defender for Identity sensors on can reach the Defender for Identity cloud service. From each server, try accessing: https://*your-workspace-name*sensorapi.atp.azure.com. You can find your workspace name on the About page in the portal.

Installing Defender for Identity Sensors

Now that you’ve confirmed the prerequisites are in place, follow these steps to download and install the Defender for Identity sensor:

  1. Download the Defender for Identity sensor from the Microsoft Defender portal. Go to Settings -> Identities -> Sensors -> Add sensor and copy the Access key value, which you’ll need for the installation.

    [!TIP] You only need to download the installer once, as it can be used for every server in your tenant. Make sure no pop-up blocker is blocking the download.

  2. From the domain controller, run the installer you downloaded from Microsoft Defender XDR and follow the on-screen instructions.

Next Steps

For more detailed installation instructions, including guidance on deploying to multiple domain controllers using silent installation, check out the Deploy Microsoft Defender for Identity with Microsoft Defender XDR guide.

By quickly installing Defender for Identity sensors on your key servers, you’re taking an important step to protect your organization against identity-based attacks. Stay tuned for more guidance on configuring and optimizing your Defender for Identity deployment.

Source: Quick installation guide | Microsoft Defender for Identity