Microsoft Defender for Identity

The Defender for Identity documentation details how to manually set up the required configurations. However, manual configuration can be error-prone, time-consuming, and difficult to manage in a complex, multi-domain environment. For example:

  • Adding auditing on read property actions adds unnecessary load on the domain controllers
  • Defender for Identity can have blind spots if you don't register the proper events

The Defender for Identity PowerShell module solves these issues by helping to automate the configuration processes for domains, domain controllers, and other sensor servers.

Installing the DefenderForIdentity module

  • This module requires Windows PowerShell 5.1 or PowerShell 7.4 or later. This prerequisite isn't checked by the installation.
  • To install the module from the PowerShell Gallery, use the following command:
Install-Module -Name DefenderForIdentity

To use the DefenderForIdentity module with PowerShell 7.4 or later, first run the following command to import the GroupPolicy module:

Import-Module -Name GroupPolicy -SkipEditionCheck

For more information, see the DefenderForIdentity reference.