1. Home
  2. Training Library
  3. Microsoft 365
  4. Microsoft 365 Courses
  5. Deploying Microsoft Defender for Identity

Create a Defender for Identity Instance

Start course

Microsoft Defender for Identity is a cloud-based security solution that leverages on-prem Active Directory to identify, detect, and investigate things like threats and compromised identities. It also helps identify malicious insider attacks.

For any feedback relating to this course, please contact us at support@cloudacademy.com

Learning Objectives

  • Learn what Defender for Identity is
  • Learn how to create a Defender for Identity instance
  • Learn how to connect Defender for Identity to an on-prem Active Directory forest
  • Learn how to install the Defender for Identity sensor

Intended Audience

This quick-hitting course is intended for those who want to learn how to deploy Defender for Identity.


To get the most from this course, you should have a basic understanding of Microsoft Azure and Microsoft 365.


Hello, and welcome back. In this demonstration here, we are going to create a Microsoft Defender for Identity instance. Once we have the instance created, we'll come back into another demonstration where we'll go ahead and connect it to our on-prem Active Directory forest. Now on the screen here, you can see I'm in the Microsoft Defender for Identity portal, and to get here, you browse to portal.atp.azure.com. And then what it does is direct you to the tenant portal. Well see here, I don't have an instance currently created, so we'll go ahead and click the Create button here to begin the process. Now, while this is creating it, it says here it may take a few minutes, but what it does here is eventually bounces you out to the Defender for Identity for berksbatteries.com, which is the domain for my Azure tenant here. And we'll just close the notification about the new user investigation experience that's available. And then again, it tells me about the new investigation experience over here, we'll close this out. So at this point, we have the Defender for Identity instance created. Now what we're going to have to do to connect this to our Active Directory is provide a username and password for our Active Directory forest. We'll have to download the Sensor Setup and install the sensor on a domain controller in our forest, and then we'll configure the sensor. Now, before we close out this quick demonstration here, what I do want to do is bounce over to this screen here. This here is the DCO1 for our berksbatteries.com Active Directory forest. This is actually a VM. I spun up an Azure just to mimic an on-prem Active Directory. So this DCO1 is going to be where we install the sensor. So, let's take a break here and I'll see you in the next demonstration, where we'll go through the process of connecting this on-prem Active Directory with the Microsoft Defender for Identity.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.