Forum Discussion
Add AD FS Servers As An Exception For AATP?
Hello! We just installed AATP a week ago in our environment and a few days ago, we started to receive alerts from AATP about our AD FS (Active Directory Federation Services) servers reporting "Accou...
Astrid McClean
Microsoft
Microsoft
ADFS servers are typically open to the Internet and are therefore a potential target for account enumeration attacks. In this alert, all the users who failed to authenticate to do not exist in Active Directory. We recommend that you check if the users in the list have been removed AD recently, or if the list looks more like a dictionary attack. Once you understand the user list you can determine if the alert is being triggered by a process in your environment which is enumerating the users, or if it is potentially a real attack.
