Issue
I recently installed the Defender for Identity sensor on my domain controller. Why am I not seeing any alerts so far?
Environment
Microsoft Defender XDR
Defender for Identity
Resolution
The Defender for Identity sensor has a 30-day learning period after initial installation. This learning period can be disabled via the Microsoft Defender XDR console, but disabling it can impact the quality of alerts from the sensor.
See Manage and update Microsoft Defender for Identity sensors for more info on managing settings within the Microsoft Defender XDR console.
Cause
The learning period gives the sensor time to monitor activities and build a profile of patterns that will be used to help determine different types of activity. With certain types of alerts, the learning period is required to help the sensor appropriately distinguish legitimate from malicious activity.
See Adjust alert thresholds for more information.