Microsoft Defender for Identity Inc FULL DEMO
HTML-код
- Опубликовано: 16 окт 2024
- In this episode I take a deep dive into Microsoft Defender for Identity. Including a full demo on how to set it up and configure it. I’ll also show a demo of an Advisory In the Middle Attack AiTM and demonstrate how Microsoft’s XDR platform can not only detect these attacks but how AI & machine learning can help thwart such attacks by undertaking a constant behavioural analysis of every user and their login attempts. This is a session packed with demos, so if you’re preparing for certification or simply looking to learn. Then this will be an invaluable session for you.
For more details on me visit Andymalone.org
If you want access to exclusive content and more why not consider supporting me and join me on Patreon. / andymalonemvp
Really exciting to be part of the 100k milestone!! Much more coming, you deserve it!
😊👍Aw thanks so much😊
As always thank you so much, Andy. Cheers!
You’re very welcome, and thank you 👍
I just wanted to extend a heartfelt thank you for your series of videos. Back in 2016, when I was working as an admin, Microsoft's constant rebranding and renaming made it quite a labyrinth to navigate through. Your videos, with their clear and concise approach, have been a beacon of clarity for me. The bite-sized format is perfect for understanding complex topics without feeling overwhelmed.
Now, as I've transitioned to working for a non-profit, and we're in the midst of shifting over to MS365, your videos have become an invaluable resource. They've greatly simplified the migration and rollout process, making what could have been a daunting task much more manageable. Your insights and straightforward explanations have not only helped me but also my entire team in adapting to the new system.
I cannot emphasize enough the significant influence your work has had on our organization. Your commitment to demystifying the administration of MS365 and making it approachable for everyone is truly praiseworthy. Thank you once more for your priceless advice and steadfast support throughout this journey! TPR Thanks you!
Thanks so very much for your kind comments they’re very much appreciated and I’m delighted to have you on board 👍 😊
Thanks Andy! Great stuff as always!
Thank you Andy for this new short demo but one more time the license requirements do not meet small companies, too bad...
Just Subscribed :) Merry Christmas Andy
Likewise and thanks so much👍😊🎄🎄🎄
Thanks again Andy! 100K subscribers come on!!
🎉🎉🎉🙏🙏🙏🙏
Andy that was really great, clear instructions which helps you to understand the deployment. What it would be great (if this possible) is to create a video where you will translate the security features of M365 what business needs fulfill, like talking to c-levels-decision owners. What conditional access, intune, defender,etc mean for their business describe some benefits with real time examples . I hope my comment was clear. Thanks again for the great work.
Subscribed 👍let's get it!
Thanks for the wonderful explanation Andy. Just wanted to check with you.. do we need to enable Sentinel Logging or Does it automatically log the incidents post configuring the Defender for Identities? Because i saw something like we need to enable syslog which instead integrates with Sentinel. Please explain..
You will need to enable Azure log analytics. Gather data you will then connect to your various data sources using the connectors at the bottom left-hand corner. Be careful though over monitoring can be a pricey affair 😊
Hi Andy, two questions - 1. when this is deployed, will there be downtime? If yes, roughly how long? 2. Are there any visible changes from the users point of view? Thank you
You can install it on multiple domain controllers, thus reducing the possibility of downtime.
Hi Andy, apart from the documentation on MS Learning, do you have any for this? I need advice on how to implement this. Thank you.
Peter Rising wrote a great book on Defender for Endpoint :-)
@@AndyMaloneMVP thank you. I got one on Amazon and it arrived today. Exciting times.
Big like and a comment, that is a great video. thanks
@4:42- if you have more than one server, will you use the same key?
Yes
Where do you provide the Password for the Group Managed Service Account ?
You don’t it’s system generated so that you don’t need to worry about it
Hello Andy, what happend with the computer screen recording? It's to blurry to watch, I'm sorry.
Blurry? Hmm not sure perhaps RUclips rendering is a bit slow
Andy one of things that are missing in most videos regarding Microsoft products are lacking in one key areas, licensing dependencies. Is Microsoft Defender for Identity included in any other licenses? Are parts of it included in other products, if so which ones? This is probably a simple question, but this holds true on most of the products that are show in RUclips videos. Not picking on you.
I totally agree of course, most of the features I’m demonstrating are in A5 but are also often available in other skews. A great website for you to check out is M365maps.com. You can compare the different features and different plans. It’s an awesome site.
We appreciate your videos on YT. I just had a look on your pateron page and found some nice courses. I hope you reconsider the prices especailly for those countries in Middle East and Asia. I believe more subscribour will join you patreon Silver & Gold. Training is a crucial for jounior and most of the comanies try to force the junior to pay from their own pocket which is not fair at all.
Thanks for your nice comment. Regarding the Patreon prices I think they’re very good value considering the list price of actually attending these courses is tenfold the price that I’m charging in addition remember you also get the monthly zoom call and can ask questions at any point.
Hold on… did you says full courses for patreon members?
Yes, I record a module of full training and add it to my Patreon site every week courses up at the moment. Include SC 900 a security and compliance master class and SC 300.
@1:28 - what if you don't have on-prem AD?
Then you don’t need defender for identity
I handle alerts and incidents from MDI in the Security portal on a regular basis. Although this protection is a must, I find the details provided in the alerts to be lacking in a practical sense. That is to say, I see alerts for say a suspicious login event/attempt, but nothing in the alert details or timeline explains exactly how the event was suspicious - nothing specific is highlighted in the event details. This is true for all other types of MDI alerts as well. And we are mostly just left reviewing AzureAD sign-in logs and asking other IT Admins about possible scheduled network maintenance, to inevitably just guessing if the event is something to worry about or not. There really is very little usable details in the MDI alerts.
I agree with you concerning the base alerts. However, you can create your own alerts and your own rules. Have you explored this? For more information check out learn.microsoft.com as this contains all the learning and documentation materials for this.
So it's useless without Sentinel?
Absolutely not
i would love to see a Video of how to get Fslogics & office products to work while you roam through more than one Server. the tokens are always messed up at some point and you have to deal wit AADBroker Plugin and stuff. You even get a 1001 Error in Outlook and MS has no answer and says to use the owa as a Workaround. Well...No
Honestly, this is not one of my topics. Have you checked out John Savile’s channel as he specialises in Microsoft, Azure Operations. Whereas I tend to focus more on Microsoft 365. That said I will add it to my list and take a look. Thanks again.
@@AndyMaloneMVPthank you for your answer. It is really one of the main problems we have with ms. Since fslogix is also a microsoft product i do not understand that no one has the answer. Changing/add regkeys is no answer really. If you know someone who knows someone i would be very thankful.
great video man!!!!!! do like mickey mouse club
Hi everyone. I am looking for solution to restrict teams calls to C level executives from regular users. I have a E5 license attached to all C level and regular users also. Thank you for feedback 😊
Try posting this question on the Microsoft tech Community.
Do I need to set the Windows service to log on as a service or a local account under services.msc?
Using the service account, it’s always a good idea and of course it’s more secure