Forum Discussion

Brian_Sutton's avatar
Brian_Sutton
Copper Contributor
Jun 24, 2019

Azure ATP running in Azure IaaS Environment

My company has multiple different domains we are protecting with AATP.  All of the domains except 1 are located on premise.  We have a single domain running on Windows VMs located in Azure IaaS.  Thi...
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Jun 25, 2019

Host file would not work for this..

This is not a DNS based name resolution.

The idea is that if we see this IP on network traffic, we verify its identity using multiple methods.

One of these methods is sending a crafted payload to Udp/137 that is expected to make the endpoint reply with it's netbios name....

 

The alert will pop up if more that 90% of our tries failed. 

this could be due to blocked port or high latency to many endpoints or to few endpoints that responsible for most of the traffic.

 

We can turn on a trace for a few hours which will tell us which IPs are failing, but you need to contat support for that.

Brian_Sutton's avatar
Brian_Sutton
Copper Contributor
Jul 01, 2019

EliOfek Per your recommendation, I opened a support ticket (6/26 at 9:02 AM ET) however I haven't received a single update from Microsoft support yet. I updated the case twice asking for an update but still haven't heard from anyone.  Can you assist with pushing this forward (ID = 119062624001365)?  Thanks!

  • EliOfek's avatar
    EliOfek
    Icon for Microsoft rankMicrosoft
    Jul 01, 2019

    Brian_Sutton , Apologies for the delay, it seems that support are currently under heavy load,

    I will see what I can do to push this faster. 

Resources