| title | Test connectivity | Microsoft Defender for Identity |
|---|---|
| description | Learn how to test whether the server where you're installing your Microsoft Defender for Identity sensor can access the Defender for Identity cloud service. |
| ms.date | 01/16/2024 |
| ms.topic | how-to |
| ms.reviewer | rlitinsky |
The Defender for Identity sensor requires network connectivity to the Defender for Identity service. Depending on which version of the sensor you deployed, see Sensor v2.x prerequisites or Sensor v3.x prerequisites.
After preparing the server that you're going to use for your Microsoft Defender for Identity sensor we recommend that you test connectivity to make sure that your server can access the Defender for Identity cloud service. Use the procedures in this article even after deploying if your sensor server is experiencing connectivity issues.
For more information, see Required ports.
Note
To get the name and other important details about your Defender for Identity workspace, see the About page in the Microsoft Defender XDR portal.
-
Open a browser. If you're using a proxy, make sure that your browser uses the same proxy settings being used by the sensor.
For example, if the proxy settings are defined for Local System, you'll need to use PSExec to open a session as Local System and open the browser from that session.
-
Browse to the following URL:
https://<your_workspace_name>sensorapi.atp.azure.com/tri/sensor/api/ping. Replace<your_workspace_name>with the name of your Defender for Identity workspace.[!IMPORTANT] You must specify
HTTPS, notHTTP, to properly test connectivity.Result: You should get the latest sensor version number, which indicates you were successfully able to route to the Defender for Identity HTTPS endpoint. This is the desired result.
For some older workspaces, the message returned could be Error 503 The service is unavailable. This is a temporary state that still indicates success. For example:
:::image type="content" source="../media/configure-proxy/test-proxy.png" alt-text="Screenshot of an HTTP 200 status code (OK).":::
Other results might include the following scenarios:
-
If you don't get Ok message, then you may have a problem with your proxy configuration. Check your network and proxy settings.
-
If you get a certificate error, ensure that you have the required trusted root certificates installed before continuing. For more information, see Proxy authentication problem presents as a connection error. The certificate details should look like this:
:::image type="content" source="../media/configure-proxy/certificate.png" alt-text="Screenshot of the required certificate path.":::
-
Prerequisites: Before running Defender for Identity PowerShell commands, make sure that you downloaded the Defender for Identity PowerShell module.
Sign into your server and run one of the following commands:
-
To use the current server's settings, run:
Test-MDISensorApiConnection -
To test settings that you're planning on using, but aren't currently configured on the server, run the command using the following syntax:
Test-MDISensorApiConnection -BypassConfiguration -SensorApiUrl 'https://contososensorapi.atp.azure.com' -ProxyUrl 'https://myproxy.contoso.com:8080' -ProxyCredential $credential
Where:
https://contososensorapi.atp.azure.comis an example of your sensor URL, where contososensor is the name of your workspace.https://myproxy.contoso.com:8080is an example of your proxy URL
For more information, see the MDI PowerShell documentation.
[!div class="step-by-step"] Download the Microsoft Defender for Identity sensor »