You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ATPDocs/health-alerts.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -60,7 +60,7 @@ Sensor-specific health issues are displayed in the **Sensor health issues** tab
60
60
|**Read-only user password to expire shortly**|The read-only user password, used to perform resolution of entities against Active Directory, is about to expire in less than 30 days. If the password for this user expires, all the Defenders for Identity sensors stop running and no new data is collected.|Change the domain connectivity password and then [update the Directory Service account](directory-service-accounts.md) password.|Medium|Global health issues tab|2.x|
61
61
|**Read-only user password expired**|The read-only user password, used to get directory data, expired. All the Defender for Identity sensors stops running, or will stop running soon, and no new data is collected.|Change the domain connectivity password and then [update the Directory Service account](directory-service-accounts.md) password.|High|Global health issues tab|2.x|
62
62
|**Sensor outdated**|A Defender for Identity sensor is running a version that can't communicate with the Defender for Identity cloud infrastructure.|Manually update the sensor and check to see why the sensor isn't automatically updating. If this option doesn't work, download the latest sensor installation package and uninstall and reinstall the sensor. For more information, see [Download the Microsoft Defender for Identity sensor](download-sensor.md) and [Install the Microsoft Defender for Identity sensor](install-sensor.md).|Medium|Sensors health issues tab and Global health issues tab|All|
63
-
|**Sensor reached a memory resource limit**|The Defender for Identity sensor stopped itself and restarts automatically to protect the domain controller from a low memory condition.|The Defender for Identity sensor enforces memory limitations upon itself to prevent the domain controller from experiencing resource limitations. This issue occurs when memory usage on the domain controller is high. Data from this domain controller is only partly monitored.|Increase the amount of memory (RAM) on the domain controller or add more domain controllers in this site to better distribute the load of this domain controller.|Medium|Sensors health issues tab|2.x|
63
+
|**Sensor reached a memory resource limit**|The Defender for Identity sensor stopped itself and restarts automatically to protect the domain controller from a low memory condition.The Defender for Identity sensor enforces memory limitations upon itself to prevent the domain controller from experiencing resource limitations. This issue occurs when memory usage on the domain controller is high. Data from this domain controller is only partly monitored.|Increase the amount of memory (RAM) on the domain controller or add more domain controllers in this site to better distribute the load of this domain controller.|Medium|Sensors health issues tab|2.x|
64
64
|**Sensor service failed to start**|The Defender for Identity sensor service failed to start for at least 30 minutes. This issue can affect the ability to detect suspicious activities originating from domain controllers monitored by this Defender for Identity sensor.|Monitor Defender for Identity sensor logs to understand the root cause for Defender for Identity sensor service failure.|High|Sensors health issues tab|All|
65
65
|**Sensor stopped communicating**|There has been no communication from the Defender for Identity sensor. The default time span for this alert is 5 minutes. This issue indicates that the sensor failed to send data or a keep-alive signal to the Defender for Identity services for a period exceeding the allowed time. This issue typically suggests either a network issue in the environment that prevented data transmission or a server restart that took longer than the acceptable time frame, impacting Defender for Identity's ability to detect suspicious activities.|Check that the communication between the Defender for Identity sensor and Defender for Identity cloud service isn't blocked by any routers or firewalls.|Medium|Sensors health issues tab|All|
66
66
|**Some Windows events are not being analyzed**|The Defender for Identity sensor is receiving more events than it can process which causes some Windows events aren't being analyzed. This issue can affect the ability to detect suspicious activities originating from domain controllers monitored by this Defender for Identity sensor.|Consider [adding more processors and memory](capacity-planning.md) as required. If you're using a standalone Defender for Identity sensor, verify that only the required events are forwarded to the sensor. Or, try forwarding some events to another Defender for Identity sensor.|Medium|Sensors health issues tab and Global health issues tab|2.x|
0 commit comments