dergin.tiritoglu
Copper Contributor
Oct 25, 2018

Hybrid Deployment and Azure ATP

We have a hybrid deployment where all users are synched to Azure AD from on-prem AD and all workstations are Azure AD connected. The users are using their UPN from on-premise AD and get authentication federated to ADFS.

Is deploying Azure ATP still beneficial in this scenario that only monitors the on-premise Active Directory? As the users will be using Azure AD as their main workspace, I am not sure if we can make use of any features of Azure ATP. Can someone please provide some insight?

  • Hi Dergin,

    Yes, if you have a domain controller, you can benefit from Azure ATP!

    Also, Azure ATP is part of the Microsoft security stack that can provide you with cross-solution detections and investigation, so having this kind of solution is a must-have for hybrid environments.

    • dergin.tiritoglu
      Copper Contributor

      Hi,

      Thanks for the reply. What I am really after, and I accept that it is beneficial for the on-prem AD, is if it will really provide any insight for the user base that is joined to Azure AD.

      As the users will always be using Azure AD connected workstations with synchronised accounts, the only time they will have any involvement with on-premise Active Directory is when they do the initial logon to workstations and authenticate through ADFS federated authentication. So I am not sure they will have any interaction with on-prem Active Directory to be able to make use of the Azure ATP security events etc., as ATP will only monitor and report against the on-premise AD.

      • Or Tsemah
        Microsoft

        Ask yourself:

        • Although your users are synched, can someone compromise one of them to go after a more privileged one or access confidential resources internally?
        • Is there internal user behavior that I wish to monitor?
        • Do I want to augment what Azure AD Identity Protection finds, or WDATP, or MCAS, etc.?
        • Do I have VPN servers that I need to monitor for abnormal user access?
        • Can my on-premise identity infrastructure be used against me?

        If you answered yes to any, then you probably need Azure ATP...

         

         
