Forum Discussion

aussupport's avatar
aussupport
Brass Contributor
Aug 14, 2020
Solved

ATP Sensor Requirment

Hi All,

 

 I have a domain with 100+ servers. So do we need to install ATP Sensor for all? 

 

 

As 

  • David Caddick's avatar
    David Caddick
    Aug 16, 2020

    aussupport it's the nature of the onPrem AD, the reason you have multiple DC's is to ensure HA? So what if a malicious login occurs against a DC that doesn't have the Sensor deployed?

    That being said, even having the sensor's deployed to 10 - 20% of the DC's will give you some coverage, but the Question then is "are you catching all the bad stuff, or are you missing something vital?"

     

    Hope that helps?

    Dave C

4 Replies

  • Or Tsemah's avatar
    Or Tsemah
    Former Employee
    Aug 14, 2020

    aussupport 

    Azure ATP only needs to be deployed on the Domain controllers to monitor the environment, it's important to install on all of them

    • aussupport's avatar
      aussupport
      Brass Contributor
      Aug 14, 2020

      Or Tsemah  Thanks. I understand that need to instal on DC's but why we need to install on all the DC's?

      if we have few DC's in each site can one of them not enough? 

      • David Caddick's avatar
        David Caddick
        Iron Contributor
        Aug 16, 2020

        aussupport it's the nature of the onPrem AD, the reason you have multiple DC's is to ensure HA? So what if a malicious login occurs against a DC that doesn't have the Sensor deployed?

        That being said, even having the sensor's deployed to 10 - 20% of the DC's will give you some coverage, but the Question then is "are you catching all the bad stuff, or are you missing something vital?"

         

        Hope that helps?

        Dave C