Quickstart: Connect to your Active Directory Forest

Note

The experience described in this page can also be accessed at https://security.microsoft.com as part of Microsoft 365 Defender. The supporting documents for the new experience can be found here. For more information about Microsoft Defender for Identity and when other features will be available in Microsoft 365 Defender, see Microsoft Defender for Identity in Microsoft 365 Defender.

In this quickstart, you'll connect Microsoft Defender for Identity to Active Directory (AD) to retrieve data about users and computers. If you're connecting multiple forests, see the Multi-forest support article.

Prerequisites

Provide a username and password to connect to your Active Directory Forest

The first time you open the Defender for Identity portal, the following screen appears:

Welcome stage 1, Directory Services settings.

  1. Enter the following information and select Save:

    Field Comments
    Username (required) Enter the read-only AD username. For example: DefenderForIdentityUser. You must use a standard AD user or gMSA account. Don't use the UPN format for your username. When using a gMSA, the user string should end with the '$' sign. For example: mdisvc$
    NOTE: We recommend that you avoid using accounts assigned to specific users.
    Password (required for standard AD user account) For AD user account only, enter the password for the read-only user. For example: Pencil1.
    Group managed service account (required for gMSA account) For gMSA account only, select Group managed service account.
    Domain (required) Enter the domain for the read-only user. For example: contoso.com. It's important that you enter the complete FQDN of the domain where the user is located. For example, if the user's account is in domain corp.contoso.com, you need to enter corp.contoso.com not contoso.com
  2. In the Defender for Identity portal, click Download sensor setup and install the first sensor to continue.

Next steps

Join the Community

Have more questions, or an interest in discussing Defender for Identity and related security with others? Join the Defender for Identity Community today!