New Improvements for Defender for Identity Sensor

Listen to this Post

Featured Image
The new Defender for Identity sensor (version 3.x) is recommended for customers deploying core identity protections on Windows Server 2019 or newer. For other identity infrastructure, the classic sensor remains the best option.

What’s New?

✅ Standalone Deployment Enabled:

The new sensor can now be deployed on Domain Controllers without Defender for Endpoint onboarding, simplifying activation for organizations not using Defender for Endpoint as their EDR solution.

How to Implement?

  1. Download the Defender for Identity onboarding package from the Microsoft Security Portal.

2. Run the DefenderForIdentityOnlyOnboardingScript.cmd script.

✅ Enhanced Transparency:

The Activation Page now displays all servers from your device inventory, including those not yet eligible for the new sensor, improving visibility and targeted onboarding.

👉 Learn more: Microsoft Defender for Identity Sensors

You Should Know:

Deploying Defender for Identity Sensor (Standalone Mode)

 Download the onboarding package 
Invoke-WebRequest -Uri "https://security.microsoft.com" -OutFile "DefenderForIdentity.zip"

Extract and run the onboarding script 
Expand-Archive -Path "DefenderForIdentity.zip" -DestinationPath "C:\DefenderIdentity" 
cd C:\DefenderIdentity 
.\DefenderForIdentityOnlyOnboardingScript.cmd 

Verify Sensor Status

Get-Service -Name "Microsoft Defender for Identity Sensor" | Select-Object Status, DisplayName 

Check Domain Controller Eligibility

 List all domain controllers 
Get-ADDomainController -Filter  | Select-Object Name, OperatingSystem 

Enable Enhanced Logging (Optional)

 Enable verbose logging for troubleshooting 
Set-MpPreference -EnableNetworkProtection Enabled -Verbose 

Linux Alternative (If Using Cross-Platform Monitoring)

 Check network connections (useful for hybrid environments) 
sudo netstat -tulnp | grep "mdi" 

What Undercode Say

Deploying Defender for Identity 3.x simplifies security for modern Windows Server environments while maintaining backward compatibility. The standalone deployment option is a game-changer for organizations avoiding full Defender for Endpoint integration.

Key Commands Recap:

  • Onboarding: Run the `.cmd` script from the extracted package.
  • Verification: Use `Get-Service` to check sensor status.
  • Eligibility Check: PowerShell `Get-ADDomainController` helps identify deployable servers.

For advanced users, enabling network protection logs (Set-MpPreference) ensures deeper visibility.

Expected Output:

[/bash]

Status DisplayName

Running Microsoft Defender for Identity Sensor

[bash]

Prediction
As Microsoft Defender for Identity evolves, expect tighter XDR integration and AI-driven anomaly detection for identity-based threats. Organizations should prepare for automated remediation scripts in future updates.

References:

Reported By: Wjpvandenheuvel Microsoftdefender – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram