Security assessment: Start your Defender for Identity deployment

This article describes the "Start your Defender for Identity deployment" security assessment, which encourages you to install sensors on domain controllers and other eligible servers.

Why is not having Defender for Identity deployed considered a risk?

If you've obtained a Defender for Identity license but haven't yet deployed Defender for Identity sensors, you aren't using the services you purchased, and you may be missing advanced threats in your identity infrastructure.

Defender for Identity uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Defender for Identity is also part of monitoring for Zero Trust. You may also want to use advanced hunting queries in Microsoft Defender XDR to look for threats across identities, devices, and cloud apps.

How do I use this security assessment?

  1. Review the recommended action at https://security.microsoft.com/securescore?viewid=actions, which alerts you if you have a Defender for Identity license but don't have Defender for Identity deployed.

  2. Take appropriate action by deploying Defender for Identity. For more information, see Deploy Microsoft Defender for Identity with Microsoft Defender XDR.

Note

While assessments are updated in near real time, scores and statuses are updated every 24 hours. While the list of impacted entities is updated within a few minutes of your implementing the recommendations, the status may still take time until it's marked as Completed.
