MC1179159: Microsoft Defender for Identity: Activate the Unified Sensor now generally available

[Introduction]

We’re excited to announce the general availability (GA) of the Unified Sensor for Microsoft Defender for Identity. This milestone simplifies the activation of identity protections on qualifying domain controllers by extending the existing Microsoft Defender for Endpoint agent. With just a few clicks, you can enable identity alerts, posture recommendations, and automatic attack disruption—no additional agent installation required.

[When this will happen]

General Availability (Worldwide, GCC, GCCH, and DoD): Available now.

[How this affects your organization]

Who is affected: Admins managing domain controllers with Microsoft Defender for Endpoint deployed.

What will happen:

• The Unified Sensor can be activated on qualifying domain controllers.
• Identity-specific alerts and posture recommendations will begin flowing shortly after activation.
• No downtime is required for domain controllers.
• Existing licenses, capabilities, and alerts remain unaffected.
• Activation does not require additional installations.
• The Unified Sensor v3.x:
  • Cannot be activated on servers with Defender for Identity sensor v2.x already deployed.
  • Does not currently support VPN integration or ExpressRoute.
  • Does not yet offer full functionality for health alerts, posture recommendations, security alerts, or advanced hunting data.

[What you can do to prepare]

• Review deployment prerequisites to ensure your environment is ready.
• Go to the Activation page in the Microsoft Defender portal.
• Review all your eligible domain controllers (those onboarded with Microsoft Defender for Endpoint, version 2019 or above).
• Activate the new sensor on your domain controllers.
• Ensure your domain controllers meet the following minimum requirements:
  • Windows Server 2019 or later.
  • June 2025 Cumulative Update or later.
  • Defender for Endpoint must be deployed.
  • Domain controller must not already have Defender for Identity sensor v2.x installed.
  • Server must have at least 2 cores and 6 GB RAM.
  • Power Option should be set to High Performance.
  • Time synchronization across servers must be within five minutes.
• If using virtualization:
  • For Hyper-V: Disable Dynamic Memory.
  • For VMware: Reserve all guest memory.
• Licensing requirements include one of the following:
  • Microsoft 365 E5/A5/G5/F5 Security
  • EMS E5/A5
  • Standalone Defender for Identity license
• To support advanced identity detections, consider applying the Unified Sensor RPC Audit tag via Asset Rule Management in the Microsoft Defender portal.
• Configure Windows auditing to support enhanced detections. You may use the Set-MDIConfiguration PowerShell command to automate audit policy setup.
• Run the Test-MdiReadiness.ps1 script to validate your environment before deployment.
• Communicate this update to your security operations team.

Learn more:

• Microsoft Defender for Identity sensor v3.x prerequisites (Preview)

[Compliance considerations]

No compliance considerations identified, review as appropriate for your organization.