Forum Discussion

Paolo Heuer's avatar
Paolo Heuer
Copper Contributor
Nov 28, 2017
Solved

AADConnect false alert

I've found out that Azure ATP has some problems recognizing aadconnect activities.

Is it happening to you, too?

 

  • Astrid McClean's avatar
    Astrid McClean
    Nov 28, 2017

    This is a known false positive for this detection. You can find more information about all the alerts (including what night generate a false positive) in the Suspicious Activity Guide (this is the ATA version but it's relevant for Azure ATP alerts too): https://aka.ms/atasaguide 

     

    For known AAD Connect servers, you can use the "Close and Exclude" option to stop further alerts.

1 Reply

  • Astrid McClean's avatar
    Astrid McClean
    Former Employee
    Nov 28, 2017

    This is a known false positive for this detection. You can find more information about all the alerts (including what night generate a false positive) in the Suspicious Activity Guide (this is the ATA version but it's relevant for Azure ATP alerts too): https://aka.ms/atasaguide 

     

    For known AAD Connect servers, you can use the "Close and Exclude" option to stop further alerts.