You need to integrate the VPN and Defender for Identity.

Written by John Gruber Published on Last Updated on

Your organization has a Microsoft 365 tenant with a primary domain of Gitbit.org. Your organization also has an on-premises Active Directory environment that's synced through AD Connect to Microsoft 365.

Your organization has an on-premises Active Directory domain with a Windows Server 2019 server named Chicago1. Chicago1 has the Remote Access server role installed. Chicago1 is configured as a Virtual Private Network (VPN) server.

Your manager has tasked you with deploying Microsoft Defender for Identity and integrating the VPN with Defender for Identity.

You install the Microsoft Defender for Identity sensor on a server named Win2019A. Win2019A is running Windows Server 2019.

What should you do?

On Chicago1:

On Win2019A

Click to show answer

Three steps are required to set up VPN monitoring using Defender for Identity

Configure RADIUS Accounting on Chicago1

Open Routing and Remote Access > right-click the server name of Chicago1and click Properties.
Go to the security tab. Select RADIUS Accounting and click Configure
Set the Server name to Win2019A. Click Change and set the shared secret. Check the Send RADIUS Account On and Accounting Off messages checkbox. Click OK to close all the open windows.

Enable VPN / RADIUS Accounts in Defender for Identity

Open the Microsoft 365 Defender admin center. Click Settings > Identities > VPN.
Click Enable radius account. Enter the shared secret you created in step 3 above. Click Save.

Enable inbound port 1813 on Win2019A

1. Open port 1813 and forward traffic to Win2019A on any routers/firewalls.

https://www.gitbit.org/course/ms-500/learn/Whats-Microsoft-Defender-for-identity-Kye_yNLxA

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn

< Previous Next > Skip Exam >>