
Azure Advanced Threat Protection – Coffee with Conrad

Published on Jul 10, 2020

Azure Advanced Threat Protection (ATP) brings the full power and security of the Microsoft Cloud to your on-premises identity and infrastructure. In this episode of Coffee with Conrad, we discuss how it works and how it can help you.


What Is ATP?

Azure Advanced Threat Protection (ATP) is an under-discussed, underappreciated piece of technology. With remote work and cloud technology taking precedence in the current professional landscape, it’s important to understand how it fits in with the modern office and workplace. When considering how ATP can help, it’s critical to remember that your security monitoring is only as good as the information you feed into it. Microsoft talks a lot about signals, which are the information our systems provide us with. These signals are essential to understanding how Azure ATP interacts with the systems around it to detect security issues.

Active Directory

The first place Azure ATP goes is to your local Active Directory (AD). When we discuss AD, we’re talking about the local AD that’s been around for a long time as part of your Windows server. It’s the local AD that your team members still log into. Even in a hybrid environment where people are still using Office 365, you can have your data compromised.

Understand that these attackers don’t always attack right away. Hackers don’t like to tell you they were in your system. The more they can sit in your system, and mine your data, the easier it is for them to hack your account. Once they figure out how to do this, they can continue doing it. It is to their benefit to not set off any warning signs for you to realize they’ve been there until it is too late. If you’re not using multi-factor authentication and challenging those accessing your cloud data, you’re exposed to a variety of cybersecurity threats.

So there are a lot of signals being sent via Office 365. The issue here is that your local Windows directory is bad at understanding where attacks are coming from. Whether it’s coming from an external source or an individual person within your business, the attacks are happening within your environment whether you realize it or not.

What Does Azure Advanced Threat Protection Do?

It detects identity-based attacks throughout the kill chain. Azure ATP gathers information to help protect the system. This means gathering signals and sending that information into Azure. If someone is logging in from multiple access points, it can submit that information. Azure ATP collects signals that may be considered suspicious for further evaluation or consideration. Because Azure ATP is able to collect information about patterns and traffic, it can pass all these signals along, notifying someone when a collection of signals comes up. It can also relay specific information such as what the issue was or how it should be hunted down.

If you have a license that has this capability already, get it deployed. Don’t wait another second! If you’re in a license that is close to having it, get it deployed. Ignorance is no way to protect your system. Agile IT recommends you take full advantage of the useful data Azure ATP can share to help keep your systems more secure.

One advantage of Azure ATP is that you don’t have to get rid of your local Active Directory. If you plan on keeping it, you will need to protect it. With Azure ATP, you don’t have to deploy another management infrastructure security tool to manage that process. You may need to do some configuration in Active Directory, but you don’t have to manage servers and infrastructure.

Having this capability allows you to think about adding multiple layers to your protection. In the world of IT security, there is no one fix for all problems. Functional security demands a multi-dimensional approach with multiple solutions. You need multiple security measures. The great thing about Microsoft is that the multiple layers of security they arm you with work well with each other.

Active Directory With Azure Advanced Threat Protection


If you’re currently using a local Active Directory environment, especially if you’re using Office 365, there’s nothing holding you back from deploying Azure ATP. If you’re licensed for it and have a local Active Directory, you should 1000% do this. There’s no reason not to get the extra information and intelligence Azure ATP will provide you with. It makes no sense to wait on deploying this as the capabilities are a part of your license. Agile IT can help if you need assistance with the process.

As far as defending network-attached storage is concerned, you can tie Azure ATP to the RADIUS connection for your VPN. If you’re using a VPN solution, Azure ATP can monitor that. There are some other attachments it can monitor as well. While it’s not really intended for storage, it can certainly look at unusual file-sharing activities.

Azure ATP isn’t just collecting signals from your environment, but from across all Microsoft environments as well. When you set up Azure ATP to watch what’s happening in your environment, it can also view attacks on similar IP addresses elsewhere. The great part about this capability is that when multiple ATP systems work together (i.e. Defender ATP), you can begin to detect and analyze emerging patterns. You also maximize detection during the attack stages.

Learn More About Azure Advanced Threat Protection

Having various ATPs working together protects your content, notices exploits, and catches identity attacks. Much of this technology has been around for decades, but very few people could afford it. It required hardware and software setup, along with various vendors in place to help with the implementation. They then had to make constant changes. Now? There’s increased accessibility for all these systems: not just security services, but commonality throughout the cloud that applies the system to all these other customers. Accessibility and connectivity are greater than ever before, and that maturity makes the tool more valuable than ever.

Need help determining how Azure ATP can help secure your organization? Schedule a call.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.
