Forum Discussion
Hybrid Deployment and Azure ATP
We have a hybrid deployment that all users are synched to Azure AD from on-prem AD and all workstations are Azure AD connected. The users are using their UPN from on-premise AD and gets authenticatio...
Or Tsemah
Microsoft
MicrosoftHi Dergin,
Yes, If you have a domain controller, you can benefit from Azure ATP!
also, Azure ATP is part of the Microsoft security stack that can provide you with cross solutions detections and investigation so having this kind of solution is must have for Hybrid environments.
Hi,
Thanks for the reply. What I am really after and I accept that it is beneficial for he on-prem AD is if it will really provide any insight for the user base that is joined to Azure AD.
As the users will always be using Azure AD connected workstations with synchronised accounts. So only time they will have any involvement with on-premise Active Directory is when they do the initial logon to workstations and authenticate through ADFS federated authentication so I am not sure they will have any interaction with on-prem Active Directory to be able to make use of the Azure ATP security events etc. as ATP will only monitor and report against the on-premise AD.
- Or Tsemah
Ask yourself:
- Although your users are synched, can someone compromise one of them to go after a more privileged one or access confidential resources internally?
- Is there internal user behavior that i wish to monitor?
- Do i want to augment what Azure AD identity protection finds, or WDATP, or MCAS etc.
- Do i have VPN Servers that i need to monitor for abnormal user access
- should my on-premise identity infrastructure can be used against me
If you answered yes to any, than you probably need Azure ATP...
Ok I see where you coming from. I guess it is beneficial from holistic, complementary with the other toolsets perspective to give a complete view on the threat and security landscape.
Thank you
