defender-for-identity/deploy/prerequisites-sensor-version-3.md
Lines changed: 24 additions & 1 deletion
@@ -14,7 +14,7 @@ This article describes the requirements for installing the Microsoft Defender fo
14
14
15
15
Before activating the Defender for Identity sensor v3.x, note that this version of the sensor is still in preview and has some limited functionality compared to version 2.x. Keep these limitations in mind before activating the sensor.
16
16
The Defender for Identity sensor v3.x:
17
-
- Requires that Defender for Endpoint is deployed
17
+
- Requires that Defender for Endpoint is deployed
18
18
- Can't be activated on a server that has a Defender for Identity sensor V2.x already deployed
19
19
- Doesn't currently support VPN integration
20
20
- Doesn't currently support ExpressRoute
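Review bot: the removed and added versions of line 17 ("- Requires that Defender for Endpoint is deployed") read identically, so this appears to be a whitespace-only edit unrelated to the section added further down; drop it from this commit or say in the commit message what was normalized. While this list is being touched, the context at line 18 writes "V2.x" where line 15 writes "v3.x" and "version 2.x"; pick one casing for the sensor version.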
@@ -62,6 +62,29 @@ The following table describes memory requirements on the server used for the Def
62
62
63
63
> [!IMPORTANT]
64
64
> When running as a virtual machine, all memory must be allocated to the virtual machine at all times.
65
+
## Configure Unified Sensor to support advanced identity detections
66
+
67
+
Applying the **Unified Sensor RPC Audit** tag enables a new, tested capability on the machine, improving security visibility and unlocking additional identity detections. Once applied, the configuration is enforced on **existing and future devices** that match the rule criteria. The tag itself is visible in the Device Inventory, providing admins with transparency and auditing capabilities.
68
+
69
+
**Steps to apply the configuration:**
70
+
71
+
1. In the **Microsoft Defender portal**, navigate to: **System > Settings > Microsoft Defender XDR > Asset Rule Management**.
72
+
2. Create a new rule.
73
+
3. In the side panel:
74
+
75
+
1. Select a **name** for the rule.
76
+
77
+
1. Set **rule conditions** using `Device name`, `Domain`, or `Device tag` to target the desired machines.
78
+
79
+
1. Ensure that the **Defender for Identity V3.x sensor** is already deployed on the selected devices.
80
+
81
+
1. Matching should primarily target **domain controllers** with the V3.x sensor installed.
82
+
83
+
1.**Add the tag**`Unified Sensor RPC Audit` to the selected devices.
84
+
85
+
1. Click **Submit** to save the rule.
86
+
87
+
Offboarding a device from this configuration can be done by **deleting the asset rule** or **modifying the rule conditions** so the device no longer matches.
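Review bot: the new section (lines 65-86) does not say what the `Unified Sensor RPC Audit` tag actually changes on the machine; line 67 only calls it "a new, tested capability", which leaves an admin unable to judge what is being audited or what it costs on a domain controller. State what the tag turns on and which detections depend on it. Because line 67 also says the rule is enforced on existing and future devices that match, the substeps at lines 79 and 81 ("Ensure that the ... sensor is already deployed", "Matching should primarily target domain controllers") are preconditions rather than actions; move them ahead of the numbered list as prerequisites, and say what happens if the rule matches a device without the V3.x sensor. Line 86 should say whether deleting or changing the rule also removes the tag and reverts the configuration on the device. Smaller points: line 65 starts the heading directly after the `> [!IMPORTANT]` block with no blank line before it; line 83 as shown here reads "1.**Add the tag**`Unified Sensor RPC Audit`" with no space after the list marker or before the code span, so it may not render as a list item; "V3.x" on lines 79 and 81 differs from "v3.x" used at line 15.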