rpc auditing
About this tag
RPC auditing is a security feature used in Windows environments to monitor and log Remote Procedure Call (RPC) activity. On WindowsForum.com, discussions focus on its role in Microsoft Defender for Identity, particularly with the v3.x unified sensor. The sensor leverages Windows Filtering Platform (WFP)-based RPC auditing to provide deeper visibility into domain controller activity, enhancing identity and endpoint protection. Topics include deployment trade-offs, feature parity, and operational considerations for security teams. RPC auditing helps detect suspicious RPC traffic that may indicate lateral movement or privilege escalation, making it a key component of modern threat detection on Windows networks.
Microsoft’s latest Defender for Identity sensor v3.x unifies endpoint and identity protection, dramatically simplifying deployment on modern domain controllers while adding deeper visibility via Windows Filtering Platform (WFP)–based RPC auditing—but it also arrives with limited feature parity...