Azure Advanced Threat Protection – Coffee with Conrad

Published on Jul 10, 2020
Azure Advanced Threat Protection (ATP) brings the full power and security of the Microsoft Cloud to your on-premises identity and infrastructure. In this episode of Coffee with Conrad, we discuss how it works and how it can help you.


What Is ATP?

Azure Advanced Threat Protection (ATP) is an under-discussed, underappreciated piece of technology. With remote work and cloud technology taking precedence in the current professional landscape, it’s important to understand how it fits in with the modern office and workplace. When considering how ATP can help, it’s critical to remember that your security monitoring is only as good as the information you feed into it. Microsoft talks a lot about signals, which are the information our systems are providing us with. These signals are essential to understanding how Azure ATP interacts with the systems around it and detects security issues.

Active Directory

The first place Azure ATP goes is to your local Active Directory (AD). When we discuss AD, we’re talking about the local AD that’s been around for a long time as part of Windows Server. It’s the local AD that your team members still log into. Even in a hybrid environment where people are still using Office 365, you can have your data compromised.

Understand that these attackers don’t always attack right away. Hackers don’t like to tell you they were in your system. The more they can sit in your system, and mine your data, the easier it is for them to hack your account. Once they figure out how to do this, they can continue doing it. It is to their benefit to not set off any warning signs for you to realize they’ve been there until it is too late. If you’re not using multi-factor authentication and challenging those accessing your cloud data, you’re exposed to a variety of cybersecurity threats.

So there are a lot of signals being sent via Office 365. The issue here is that your local Windows directory is bad at understanding where attacks are coming from. Whether it’s coming from an external source or an individual person within your business, the attacks are happening within your environment whether you realize it or not.

What Does Azure Advanced Threat Protection Do?

It detects identity-based attacks throughout the kill chain. Azure ATP gathers information to help protect the system. This means gathering signals and sending that information into Azure. If someone is logging in from multiple access points, it can submit that information. Azure ATP collects signals that may otherwise be considered suspicious for further evaluation or consideration. Because Azure ATP is able to collect information about patterns and traffic, it can pass all these signals along, notifying someone when a collection of signals comes up. It can also relay specific information such as what the issue was or how it should be hunted down.

If you have a license that has this capability already, get it deployed. Don’t wait another second! If you’re on a license that is close to having it, get it deployed. Ignorance is no way to protect your system. Agile IT recommends you take full advantage of the useful data Azure ATP can share to help keep your systems more secure.

One advantage of Azure ATP is that you don’t have to get rid of your local Active Directory. If you plan on keeping it, you will need to protect it. With Azure ATP, you don’t have to deploy another management infrastructure security tool to manage that process. You may need to do some configuration in Active Directory, but you don’t have to manage servers and infrastructure.

Having this capability allows you to think about adding multiple layers to your protection. In the world of IT security, there is no one fix for all problems. Functional security demands a multi-dimensional approach with multiple solutions. You need multiple security measures. The great thing about Microsoft is that the multiple layers of security they arm you with work well with each other.

Active Directory With Azure Advanced Threat Protection

If you’re currently using a local Active Directory environment, especially if you’re using Office 365, there’s nothing holding you back from deploying Azure ATP. If you’re licensed for it and have a local Active Directory, you should 1000% do this. There’s no reason not to get the extra information and intelligence Azure ATP will provide you with. It makes no sense to wait on deploying this as the capabilities are a part of your license. Agile IT can help if you need assistance with the process.

As far as defending network-attached storage is concerned, you can tie Azure ATP to the RADIUS connection for your VPN. If you’re using a VPN solution, Azure ATP can monitor that. There are some other attachments it can monitor as well. While it’s not really intended for storage, it can certainly look at unusual file-sharing activities.

Azure ATP isn’t just collecting signals from your environment, but across all Microsoft environments as well. When you set up Azure ATP to watch what’s happening in your environment, it can also see attacks on similar IP addresses elsewhere. The great part about this capability is that when multiple ATP systems work together (e.g., Defender ATP), you can begin to detect and analyze emerging patterns. You also maximize detection during the attack stages.

Learn More About Azure Advanced Threat Protection

Having various ATPs working together protects your content, notices exploits, and catches identity attacks. Much of this technology has been around for decades, but very few people could afford it. It required hardware and software setup, along with various vendors in place to help with the implementation. They then had to make constant changes. Now? There’s increased accessibility for all these systems: not just security services, but commonality throughout the cloud that applies the system to all these other customers. Accessibility and connectivity are greater than ever before, and that maturity makes the tool more valuable than ever.

Need help determining how Azure ATP can help secure your organization? Schedule a call.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.
