Understanding the prerequisites
While the prerequisites for MDI are a lot less complex than those for MDE, there are still some newer concepts that can be tricky, but don't worry: we'll cover most of them. Before we get into that, however, I want to go over the architecture of the MDI sensor and service so that you can conceptually understand the data flow.
Next, Figure 4.2 is a diagram provided by Microsoft, which can be found on the MDI architecture docs page (https://docs.microsoft.com/en-us/defender-for-identity/architecture). It shows how sensors installed on the domain controllers or Active Directory Federation Services (AD FS) servers send the captured data, already parsed, to the MDI backend. From there, the activities and alerts are presented in the Microsoft Defender for Cloud Apps (MDCA) portal. Alerts pertaining to MDI are now also available in the security.microsoft.com portal. Time will tell whether the sole...