How to Install Defender for Identity Module
In this tutorial, you’ll learn how to install Defender for Identity module. This powershell module contains a set of functions that allow you to configure Microsoft Defender for Identity in your setup.
For those of you who are unfamiliar with Defender for Identity, it is a cloud-based security solution that Microsoft offers to help secure your identity monitoring across your organization. It’s an online service and you will need to buy the licenses to use it.
Microsoft offers detailed documentation on how to use and configure components related to Defender for identity. However, when you choose to follow the documentation and manually configure things, it may take time and you may encounter unforeseen errors. That’s when the Defender for Identity PowerShell cmdlets come in handy. They let you set up the required configurations with ease and consume less time.
Also Read: How to Run MDE Client Analyzer on Windows
Prerequisites
To install the Defender for Identity module and use it’s related cmdlets, you need the following prerequisites:
- Windows PowerShell 5.1 or PowerShell 7.4 or later.
- Before installing the ‘DefenderForIdentity‘ module, you must first install the dependent module ‘ActiveDirectory‘.
If the server is missing the Active Directory dependency module, you will encounter the following warning: The externally managed, dependent module ‘ActiveDirectory’ is not installed on this
computer. To use the current module ‘DefenderForIdentity’, ensure that its dependent module
‘ActiveDirectory’ is installed.
Install Defender for Identity Module
To install the defender for Identity module, launch PowerShell as administrator. Run the command Install-Module -Name DefenderForIdentity. Accept the installation of the required modules and that’s it.
DefenderforIdentity Cmdlets
When you install the DefenderforIdentity PowerShell module, it offers additional cmdlets to automate the configuration processes for domains, domain controllers, and other sensor servers. These functions are provided by Microsoft and you should use them carefully after reading their descriptions.
Cmdlet Name | Description |
---|---|
Clear-MDISensorProxyConfiguration | If you have configured the proxy for the Defender for Identity sensor, this function clears the configuration. |
Get-MDIConfiguration | This function is useful in retrieving the configuration for various Defender for Identity post-deployment required settings. |
Get-MDISensorProxyConfiguration | Retrieves the proxy configuration for the Defender for Identity sensor. If you see the $null error, it means the remote sensor configuration is faulty or cannot be read. |
New-MDIConfigurationReport | Use this function to generate a report on MDI domain configuration. You can export the report as an HTML file or a detailed JSON file. |
New-MDIDSA | Use this function to create either a group-managed service account or a standard service account. |
Set-MDIConfiguration | Use this function to configure various Defender for Identity post-deployment required settings. |
Set-MDISensorProxyConfiguration | Sets the proxy configuration for the Defender for Identity sensor to use the specified proxy server and credentials. |
Test-MDIConfiguration | Validates the configuration for various Defender for Identity post-deployment required settings, such as NTLMAuditing for local machines and Active Directory domains. |
Test-MDIDSA | With this cmdlet, you can check if the specified Directory Service Account (DSA) has any issues with its permissions and delegation. |
Test-MDISensorApiConnection | Use this function to test the connectivity to the defender for the identity sensor API. This cmdlet also supports using custom parameters. |
Need more help?
If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.