Share via

Windows 2019/2022 Microsoft Defender Endpoint and Defender for Identity

Sukumaran, Pradeep (GRSB RPS) 0 Reputation points
2025-03-13T09:54:08.3+00:00

Hi All,

we have Microsoft defender for endpoint onboarded , if we need to deploy defender for identity do we need to install the MDI sensor or in windows 2019/2022 updated with latest patches we just need offboard and onboard again using MDE script.

if so where do we find the logs file for Defender for identity.

could you please share the some article for the same.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,911 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jose Benjamin Solis Nolasco 706 Reputation points
    2025-03-13T16:24:03.8466667+00:00

    Hello,

    if you want to deploy Defender for Identity on your Windows Server 2019/2022 environment—even one already onboarded with Microsoft Defender for Endpoint—you must install the separate MDI sensor.

    The logs you can send it to a SIEM and also you can see it at Defender for Identity Portal that now is just one https://security.microsoft.com/

    See https://learn.microsoft.com/en-us/defender-for-identity/deploy/deploy-defender-identity

    Here you can take a look about what audit data you have to enable on your server and what is going to monitor

    https://learn.microsoft.com/en-us/defender-for-identity/deploy/event-collection-overview

    😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!

  2. Jose Benjamin Solis Nolasco 706 Reputation points
    2025-03-13T19:10:26.68+00:00

    Just following up, Do you need more guidance or assistance ?

    0 comments
  3. Molly Lu-MSFT 1,571 Reputation points Microsoft External Staff
    2025-03-14T09:00:56.7433333+00:00

    Hello,

    Thank you for posting in Microsoft Q&A.

    Based on the description, I understand your question is related to defender.

    To deploy Microsoft Defender for Identity (MDI) with Microsoft Defender for Endpoint (MDE) already onboarded, you can consider install the MDI sensor.

    Go to the Microsoft Defender portal. Navigate to Settings > Identities > Sensors. Click on Add sensor and download the installer package.

    Transfer the installer package to your domain controller. Run the installer with administrative privileges and follow the setup wizard

    https://learn.microsoft.com/en-us/defender-for-identity/deploy/install-sensor

    Have a nice day.

    Best Regards,

    Molly

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.