Download the Microsoft Defender for Identity classic sensor
This article describes how to download the Microsoft Defender for Identity classic sensor for your domain controllers or AD CS / AD FS and Entra Connect servers.
Important
The new sensor is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor. Learn more about the new sensor
Add a sensor and download sensor software
In Microsoft Defender XDR, go to System > Settings > Identities.
Select the Sensors tab, which displays all of your Defender for Identity sensors. For example:
Select Add sensor. Then, in the Add a new sensor pane, select Download installer, and save the installation package locally. The downloaded zip file includes the following files:
The Defender for Identity sensor installer
The configuration setting file with the required information to connect to the Defender for Identity cloud service
Npcap OEM version 1.0, which is automatically installed by the sensor installation if it's not found to be already installed
In the Add a new sensor pane, copy the Access key value and save it to a secured location. This access key is a one-time password for use when deploying the sensor, after which communication is performed using certificates for authentication and TLS encryption.
Tip
It is recommended to regenerate the access key using the Regenerate key button on a regular basis. It won't affect any previously deployed sensors, because it's only used for initial registration of the sensor.
Copy the downloaded installation package to the dedicated server or domain controller where you're installing the Defender for Identity sensor.