Forum Discussion
Hybrid Deployment and Azure ATP
We have a hybrid deployment in which all users are synced to Azure AD from on-prem AD and all workstations are Azure AD connected. The users are using their UPN from on-premise AD and get authentication federated to ADFS.
Is deploying Azure ATP, which only monitors the on-premise Active Directory, still beneficial in this scenario? As the users will be using Azure AD as their main workspace, I am not sure if we can make use of any features of Azure ATP. Can someone please provide some insight?
- Or Tsemah (Microsoft)
Hi Dergin,
Yes, if you have a domain controller, you can benefit from Azure ATP!
Also, Azure ATP is part of the Microsoft security stack that can provide you with cross-solution detections and investigation, so having this kind of solution is a must-have for hybrid environments.
- dergin.tiritoglu (Copper Contributor)
Hi,
Thanks for the reply. What I am really after, and I accept that it is beneficial for the on-prem AD, is whether it will really provide any insight for the user base that is joined to Azure AD.
The users will always be using Azure AD connected workstations with synchronised accounts, so the only time they will have any involvement with on-premise Active Directory is when they do the initial logon to workstations and authenticate through ADFS federated authentication. I am therefore not sure they will have any interaction with on-prem Active Directory to be able to make use of the Azure ATP security events etc., as ATP will only monitor and report against the on-premise AD.
- Or Tsemah (Microsoft)
Ask yourself:
- Although your users are synced, can someone compromise one of them to go after a more privileged one or access confidential resources internally?
- Is there internal user behavior that I wish to monitor?
- Do I want to augment what Azure AD Identity Protection finds, or WDATP, or MCAS, etc.?
- Do I have VPN servers that I need to monitor for abnormal user access?
- Can my on-premise identity infrastructure be used against me?
If you answered yes to any, then you probably need Azure ATP...