MC1060476 - Microsoft Defender XDR services: Deploy the New Defender for Identity sensor on Microsoft Entra Connect servers

Updated May 8, 2025: We have updated the content. Thank you for your patience.

We are excited to announce the support of the Microsoft Defender for Identity classic sensor on Microsoft Entra Connect servers. This addition expands Defender for Identity’s coverage across hybrid identity environments, providing enhanced visibility and security for these critical assets.

When this will happen:

General Availability (Worldwide, GCC, DoD): Available now.

How this will affect your organization:

With the Defender for Identity classic sensor now available for Entra Connect servers, organizations gain deeper insights into hybrid identity threats. Deploying this sensor allows for more comprehensive monitoring of authentication activities, helping to detect and mitigate potential identity attacks targeting your infrastructure. We strongly recommend installing the Defender for Identity classic sensor on all Entra Connect servers.

Deploy Defender for Identity classic sensor for Entra Connect server:

New posture recommendations for Entra Connect servers:

This change is available by default.

What you need to do to prepare:

Learn more

• Configure sensors for AD FS, AD CS, and Microsoft Entra Connect - Microsoft Defender for Identity | Microsoft Learn 
• Protect and Detect: Microsoft Defender for Identity Expands to Entra Connect Server

This rollout is available automatically with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your users about this change and update any relevant documentation.