Today, we're happy to announce that the next stage of the convergence of Microsoft Defender for Identity into Microsoft 365 Defender has entered Public Preview.
This most recent update sees that all the configuration options and administration capabilities available in the Defender for Identity portal (under Configuration) are now available in the settings area of Microsoft 365 Defender. There is one exception to this statement - exclusion settings. We're currently making these available as part of Private Preview and will announce their release to Public Preview soon.
Let's take a brief walkthrough of the features being made available. Note, some of the information on the screenshots below have been intentionally blanked out, such as domain names, UPNs, and email addresses:
Before we dive into the details around the administration and configuration settings, one new feature we've made available for new customers coming to Defender for Identity is the automated creation of the workspace. This means that new customers won't have to go through an initial setup wizard anymore to create the Defender for Identity instance in their tenant - when they log on for the first time, with the appropriate permissions, the instance will be created automatically.
First up, you’ll need to make sure that your account has Defender for Identity permissions, click here for more information about what permissions are available. You’ll need these permissions to see the settings we’re covering today. The settings being discussed in this blog can be accessed by navigating to security.microsoft.com, then clicking on Settings on the left menu, then by clicking on Identities on the main pane on the right:
This will take you to the sensor page where you can monitor the state of each individual sensor, as well as being able to filter the list of sensors based on several attributes:
Clicking on any individual sensor will open the sensor pane which will show the details of any chosen sensor, as well as any health issues – currently open, previously closed, or even suppressed:
Back on the sensor screen, if want to see health issues affecting your entire workspace, click on “Global health issues” on the main sensor screen near the top right. This will bring the global health issues pane, again showing open, closed, and suppressed issues:
The other areas available in the “General” section of the settings are the directory services accounts configuration, where you can configure the read-only account used to connect to your on-premises Active Directory and the VPN integration configuration - used to ingest RADIUS information into Defender for Identity:
Moving on to entity tags, you’ll notice it is now split into three smaller sub-sections – Sensitive, Honeytoken and Exchange Server.
The sensitive tag can now be assigned to users, computers, and groups. Based on customer’s feedback, we also added additional information at-a-glance on these entities, including which domain they’re part of and their UPNs:
One additional change here is that Exchange servers can now be tagged in a dedicated section:
Finally, we have the notification section of the settings page. This provides users with dedicated screens to add recipients for health issue notifications, alert notifications, and syslog notifications.
In summary, most Microsoft Defender for Identity settings, including an automated onboarding of workspaces are now part of the M365 Defender portal, give it a spin and let us know what you think.
All documentation related to these settings can be found here.
One final note, these settings are now available as part of Public Preview. until these features are made generally available If you encounter any issues with Microsoft Defender for Identity and need to raise a support ticket, please utilize the classic Defender for Identity portal experience.
Keep up to date on all the convergence efforts over at aka.ms/mdiportalconverge