Forum Discussion
ATP Sensor Requirement
- Aug 17, 2020
aussupport It's the nature of on-prem AD; the reason you have multiple DCs is to ensure HA. So what if a malicious login occurs against a DC that doesn't have the sensor deployed?
That being said, even having the sensors deployed to 10 - 20% of the DCs will give you some coverage, but the question then is "are you catching all the bad stuff, or are you missing something vital?" Hope that helps?
Dave C
Or Tsemah Thanks. I understand the need to install on DCs, but why do we need to install on all the DCs?
If we have a few DCs in each site, is one of them not enough?
aussupport It won't ensure that Azure ATP has the maximum chance of catching malicious behavior.
Although AD data is distributed between the DCs, Azure ATP also listens to network traffic, for example; that is why having 100% coverage is crucial.