ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 91 discussion

Actual exam question from Microsoft's MS-500
Question #: 91
Topic #: 1
[All MS-500 Questions]

HOTSPOT
-

Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table.



You have Microsoft 365 subscription.

You plan to deploy Microsoft Defender for Identity.

You need to deploy the Defender for Identity sensor. The solution must meet the following requirements:

• Support the collection of Event Tracing for Windows (ETW) log entries.
• Use the principle of least privilege.
• Maximize security.

On which servers can you install the sensor, and which type of credentials is required for the sensor? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by sleb at May 16, 2023, 7:20 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DavidBM
2 years ago
To deploy the Defender for Identity sensor that supports the collection of Event Tracing for Windows (ETW) log entries, uses the principle of least privilege and maximizes security, you should install the sensor on domain controllers and use a service account to run the sensor. Therefore, the answer area should have the following options selected: Servers: Domain controllers Credentials: Service account
upvoted 1 times
...
sleb
2 years, 1 month ago
As of my knowledge cutoff in September 2021, it is not possible to deploy Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) sensor on a Windows Server Core installation, including Windows Server 2019. The Defender for Identity sensor requires a full installation of Windows Server with a graphical user interface (GUI) because it relies on components that are not available in the Server Core edition. The sensor installation process involves using the Azure ATP portal or PowerShell commands, both of which are not supported on Server Core. So server1 only it seems.
upvoted 2 times
Tanasi
2 years, 1 month ago
You can install on Core and Desktop Experience. Only on Nano you cannot. See here: https://learn.microsoft.com/en-us/defender-for-identity/prerequisites
upvoted 3 times
GPerez73
2 years ago
Crystal clear. Thanks for the link Tanasi
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel