Security assessment: Unmonitored domain controllers

What are unmonitored domain controllers?

An essential part of the Microsoft Defender for Identity solution requires that its sensors are deployed on all organizational domain controllers, providing a comprehensive view for all user activities from every device.

For this reason, Defender for Identity continuously monitors your environment to identify domain controllers without an installed Defender for Identity sensor, and reports on these unmonitored servers to assist you in managing full coverage of your environment.

What risk do unmonitored domain controllers pose to an organization?

In order to operate at maximum efficiency, all domain controllers must be monitored with Defender for Identity sensors. Organizations that fail to remediate unmonitored domain controllers, reduce visibility into their environment and potentially expose their assets to malicious actors.

How do I use this security assessment?

  1. Review the suggested improvement action at to discover which of your domain controllers are unmonitored.

    Install Defender for Identity Sensor on all Domain Controllers.

  2. Take appropriate action on those domain controllers by installing and configuring monitoring sensors.


This assessment is updated in near real time.

See Also