The Defender for Identity sensor(s) listed are failing to resolve IP addresses to device names

Alessandro Cassano
2024-01-16T14:03:28.22+00:00

Good morning, I received this message from Azure alerts:

The Defender for Identity sensor(s) listed are failing to resolve IP addresses to device names using the configured protocols (4 protocols), with a success rate of less than 10%. This could impact detection capabilities and increase the number of false positives (FPs).

Details: ArcaDCAzure.service.local
Generated time: Jan 3, 2024 4:48 PM
Last Updated: Jan 3, 2024 4:48 PM

Recommendations:

- Check that the sensor can reach the DNS server and that Reverse Lookup Zones are enabled.
- Check that port 137 is open for inbound communication from MDI sensors, on all computers in the environment.
- Check that port 3389 is open for inbound communication from MDI sensors, on all computers in the environment.
- Check that port 135 is open for inbound communication from MDI sensors, on all computers in the environment.
- Check all network configuration (firewalls), as these could prevent communication to the relevant ports.

Learn more about https://aka.ms/mdi/nnr/troubleshooting.

I checked the opening of ports 135 and 3389 in inbound and they are open. Port 137 seems not open although I don't understand why the firewall is disabled

and Azure rules allow inbound on all ports.

Can you help me? Thanks
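The checks the alert recommends can be run from the sensor host with the script below, which is an added example and not part of the original post or of Microsoft's tooling. It probes port 137 over UDP with a NetBIOS node status query, because the NetBIOS name service listens on UDP and a TCP connection test against 137 normally fails regardless of firewall state. The `$Targets` addresses and the function name `Test-NetBiosNodeStatus` are assumptions made for illustration.

```powershell
# Added example: run on the MDI sensor host (the domain controller).
# The target addresses are constructed placeholders; replace them with endpoints from your network.
$Targets = @('10.0.0.10', '10.0.0.11')

function Test-NetBiosNodeStatus {
    param([string]$Ip, [int]$TimeoutMs = 2000)
    # NetBIOS node status (NBSTAT) query for the wildcard name "*":
    # 12-byte header, length byte 0x20, 32-char encoded name, terminator, type 0x0021, class 0x0001.
    $name = [Text.Encoding]::ASCII.GetBytes('CK' + ('A' * 30))
    [byte[]]$query = @(0x13,0x37, 0x00,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00, 0x20) +
                     $name + @(0x00, 0x00,0x21, 0x00,0x01)
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.Client.ReceiveTimeout = $TimeoutMs
        $udp.Connect($Ip, 137)
        [void]$udp.Send($query, $query.Length)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply = $udp.Receive([ref]$remote)
        return ($reply.Length -gt 0)      # any answer means UDP 137 is reachable
    } catch {
        return $false                     # timeout or ICMP port unreachable
    } finally {
        $udp.Close()
    }
}

foreach ($ip in $Targets) {
    # Reverse lookup through the DNS server the sensor is configured to use
    $ptr = Resolve-DnsName -Name $ip -Type PTR -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Target     = $ip
        Tcp135Rpc  = Test-NetConnection $ip -Port 135 -InformationLevel Quiet -WarningAction SilentlyContinue
        Udp137Nbns = Test-NetBiosNodeStatus -Ip $ip
        Tcp3389Rdp = Test-NetConnection $ip -Port 3389 -InformationLevel Quiet -WarningAction SilentlyContinue
        ReverseDns = if ($ptr) { ($ptr | Select-Object -First 1).NameHost } else { $null }
    }
}
```

A target that shows `False` in every column and has no PTR record is one the sensor cannot name by any of the four methods, which is the condition the alert reports.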
