Forum Discussion
mcliviu
Jan 31, 2020 (Copper Contributor)
Azure ATP SAM-R
Hi everyone. Context: One of the AATP prerequisites is the SAM-R GPO. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step8-samr The link above describes how the gpo...
Mark Lewis
Feb 02, 2020 (Brass Contributor)
mcliviu, have you ever looked at the baseline security policies for Windows?
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines
It specifies the following should be set for Windows clients and member servers:
| Network access: Restrict clients allowed to make remote calls to SAM | O:BAG:BAD:(A;;RC;;;BA) |
Domain Controllers are listed as blank, which I think is required to allow a DC to work correctly.
I thought by default the remote SAM was open to Anon access? Or is that when the domain has gone through upgrades from early versions? So if it's not open, I would have thought you already had a GPO in place that was locking it down? If you're locking it down via GPO you should be able to add the AATP account to that GPO.
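
As an added example (not part of the thread or of Microsoft's documentation), this Python sketch parses the SDDL value quoted in the reply above, lists which SIDs it grants RC to, and shows the string after an allow ACE for a service account is appended. The sensor SID is constructed and the function names are hypothetical; the check matches trustees directly and does not expand group membership.

```python
import re

# Subset of the two-letter SDDL SID aliases; anything else is treated as a literal SID.
SID_ALIASES = {"BA": "S-1-5-32-544", "AU": "S-1-5-11", "WD": "S-1-1-0", "AN": "S-1-5-7"}
READ_CONTROL = 0x00020000  # "RC", the right granted in the string quoted above

SDDL_RE = re.compile(
    r"O:(?P<owner>.+?)G:(?P<group>.+?)D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^()]*\))*)")

def has_rc(rights):
    """True if an ACE rights field (hex mask or two-letter codes) includes RC."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & READ_CONTROL)
    return "RC" in [rights[i:i + 2] for i in range(0, len(rights), 2)]

def parse_dacl(sddl):
    """Return the DACL as a list of (ace_type, rights, trustee_sid) tuples."""
    m = SDDL_RE.fullmatch(sddl.strip())
    if not m:
        raise ValueError("not an O:/G:/D: security descriptor: %r" % sddl)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group("aces")):
        fields = body.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6:
            raise ValueError("malformed ACE: (%s)" % body)
        aces.append((fields[0], fields[2], SID_ALIASES.get(fields[5], fields[5])))
    return aces

def listed_callers(sddl):
    """SIDs named in an allow ACE carrying RC and not in a deny ACE carrying RC.
    Simplification: direct trustee match only, no group-membership expansion."""
    dacl = parse_dacl(sddl)
    allow = {sid for t, r, sid in dacl if t == "A" and has_rc(r)}
    deny = {sid for t, r, sid in dacl if t == "D" and has_rc(r)}
    return allow - deny

def add_caller(sddl, sid):
    """Return the SDDL with an allow-RC ACE for sid appended (no-op if present)."""
    if sid in listed_callers(sddl):
        return sddl.strip()
    return sddl.strip() + "(A;;RC;;;%s)" % sid

BASELINE = "O:BAG:BAD:(A;;RC;;;BA)"  # value quoted in the reply above
SENSOR_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID

if __name__ == "__main__":
    print(sorted(listed_callers(BASELINE)))
    print(add_caller(BASELINE, SENSOR_SID))
```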