All Content
Timespan
​
Image Source: Shutterstock.com
Sep 8, 2022 4:18 PM
Microsoft Defender for Identity Configuration Checker by Raymond Roethof
External Blog Post
Per request, I created a Microsoft Defender for Identity Configuration Checker, which includes a Graphical User Interface. I can not make it simpler than this to check the Microsoft Defender for Identity configuration. Simply run the tool and check the dashboard to ensure everything is configured correctly. The buttons in the menu give a more granular view of the configuration per item.
Usage Microsoft GitHub Scanner
If the items on the dashboard look happy and not greyed-out, the item is configured correctly. If the item does not look happy and is greyed-out, use the menu on the left to see what is not configured corectly.
https://github.com/thalpius/Microsoft-Defender-for-Identity-Configuration-Checker
Configure Windows Event collection (Microsoft)
Microsoft Defender for Identity detection relies on specific Windows Event log entries to enhance some detections and provide additional information on who performed specific actions such as NTLM logons, security group modifications, and similar events.
https://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection