Crafting advanced PowerShell scripts for MDI management
As you will have gathered by now, it is crucial to have the right advanced auditing settings in place, the correct Group Policy Objects (GPOs) created and linked to the servers that will act as sensor servers, and the other prerequisites configured; otherwise, we will have blind spots in our detection capability.
Installing and configuring a product on servers or other endpoints is one thing; here, we also need to monitor the baseline configuration continuously so that we are alerted and notified when it drifts. At the time of writing this book, the Identity blade within the Microsoft Defender XDR portal has a page listing the current health issues.
If we look at the page, we can see health issues on the sensor (see Figure 3.6).
Figure 3.6 – Sensor health issues
You can also see global health issues (see Figure 3.7); here, one is raised because advanced auditing is not configured correctly.
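The health page tells you after the fact that auditing has drifted. As an added example (this is not the book's own script, nor a Microsoft one), the following PowerShell compares a sensor server's effective advanced audit policy with the subcategories MDI relies on and fails with a non-zero exit code when they differ, so a scheduled task can raise the alert itself. The subcategory list and the expected "Success and Failure" values are assumptions taken from MDI's documented audit prerequisites; verify them against the current Microsoft documentation before relying on them, and note that auditpol prints localized subcategory names on non-English Windows builds.

```powershell
<#
  Added example, not from the book: check a domain controller's effective
  advanced audit policy against the subcategories MDI relies on and report drift.
  Assumptions (verify against current Microsoft documentation):
    - the subcategory list and expected settings below mirror MDI's
      documented audit prerequisites;
    - auditpol subcategory names are English (they are localized on
      non-English Windows builds).
  Run elevated on each sensor server; schedule it and alert on a non-zero exit code.
#>

# Expected effective setting per subcategory (assumption, see header)
$RequiredAudit = [ordered]@{
    'Credential Validation'         = 'Success and Failure'
    'Computer Account Management'   = 'Success and Failure'
    'Distribution Group Management' = 'Success and Failure'
    'Security Group Management'     = 'Success and Failure'
    'User Account Management'       = 'Success and Failure'
    'Directory Service Access'      = 'Success and Failure'
    'Directory Service Changes'     = 'Success and Failure'
    'Security System Extension'     = 'Success and Failure'
}

function Get-EffectiveAuditPolicy {
    # 'auditpol /get /r' emits CSV with the columns:
    # Machine Name, Policy Target, Subcategory, Subcategory GUID, Inclusion Setting, Exclusion Setting
    $lines = auditpol.exe /get /category:* /r | Where-Object { $_ -match '\S' }
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }
    $lines | ConvertFrom-Csv
}

function Test-MdiAuditBaseline {
    param(
        [System.Collections.IDictionary]$Required = $RequiredAudit
    )
    $effective = Get-EffectiveAuditPolicy
    foreach ($name in $Required.Keys) {
        $row    = $effective | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'NOT FOUND' }
        [pscustomobject]@{
            Subcategory = $name
            Expected    = $Required[$name]
            Actual      = $actual
            Compliant   = ($actual -eq $Required[$name])
        }
    }
}

$results = Test-MdiAuditBaseline
$results | Format-Table -AutoSize

$drift = @($results | Where-Object { -not $_.Compliant })
if ($drift.Count -gt 0) {
    # Surface drift where your monitoring can pick it up: one warning line per
    # subcategory plus a non-zero exit code for the scheduled task.
    foreach ($d in $drift) {
        Write-Warning ("Audit drift on {0}: '{1}' expected '{2}', found '{3}'" -f
            $env:COMPUTERNAME, $d.Subcategory, $d.Expected, $d.Actual)
    }
    # Do NOT fix this locally with 'auditpol /set': the linked GPO would simply
    # overwrite it at the next refresh. Correct the GPO linked to the sensor servers.
    exit 1
}
exit 0
```

Two caveats: the check reads only the effective audit policy, so it does not cover the object-level auditing (SACLs) that the Directory Service Access subcategory additionally needs before 4662 events are generated, and it deliberately refuses to remediate locally, because the GPO is the source of truth and any local change would be reverted. Microsoft also ships a DefenderForIdentity PowerShell module whose Test-MDIConfiguration cmdlet validates these prerequisites against the domain; the script above is useful when you want a lightweight, self-contained check you can schedule on each sensor server.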