Get an overview of Microsoft Defender for Identity's architecture
Microsoft Defender for Identity consists of several parts that work together. To explain to decision makers how Microsoft Defender for Identity fits into your organization, you need to understand these components. Here, you'll get an overview of them.
Microsoft Defender for Identity components
Microsoft Defender for Identity consists of the following components:
- Microsoft Defender for Identity sensors
- Sensors are installed on your machines that run your identity services such as your domain controllers and Active Directory Federation Services (AD FS) servers. These sensors monitor traffic and events at domain controllers and monitor network traffic and authentication events at AD FS servers.
- Microsoft Defender for Identity cloud service
- The Microsoft Defender for Identity cloud service is the underlying service that runs on Azure infrastructure and uses Microsoft's intelligent security graph to analyze data and detect threats.
- Microsoft Defender for Identity portal
- You can access and use Microsoft Defender for Identity through the Microsoft Defender for Identity portal. You use the portal to create a Microsoft Defender for Identity instance and monitor threats for your organization.
