Forum Discussion
Hybrid Deployment and Azure ATP
Hi Dergin,
Yes, if you have a domain controller, you can benefit from Azure ATP!
Also, Azure ATP is part of the Microsoft security stack that can provide you with cross-solution detections and investigation, so having this kind of solution is a must-have for hybrid environments.
Hi,
Thanks for the reply. What I am really after, and I accept that it is beneficial for the on-prem AD, is whether it will really provide any insight for the user base that is joined to Azure AD.
As the users will always be using Azure AD connected workstations with synchronised accounts, the only time they will have any involvement with on-premise Active Directory is when they do the initial logon to workstations and authenticate through ADFS federated authentication. So I am not sure they will have any interaction with on-prem Active Directory to be able to make use of the Azure ATP security events etc., as ATP will only monitor and report against the on-premise AD.
- Or Tsemah, Oct 25, 2018, Microsoft
Ask yourself:
- Although your users are synched, can someone compromise one of them to go after a more privileged one or access confidential resources internally?
- Is there internal user behavior that I wish to monitor?
- Do I want to augment what Azure AD Identity Protection finds, or WDATP, or MCAS etc.?
- Do I have VPN servers that I need to monitor for abnormal user access?
- Can my on-premise identity infrastructure be used against me?
If you answered yes to any, then you probably need Azure ATP...
- dergin.tiritoglu, Oct 25, 2018, Copper Contributor
OK, I see where you are coming from. I guess it is beneficial from a holistic perspective, complementary with the other toolsets, to give a complete view on the threat and security landscape.
Thank you
- Eli Shlomo, Oct 25, 2018, MVP
Hi,
When working in a hybrid AD, security needs to be addressed both to the local environment and to the cloud environment, especially when there are local Active Directory servers. The purpose of Azure ATP is to address security and protection issues from attacks such as Pass the Hash, DC Sync and so on.
In addition, Azure ATP and Azure AD Identity Protection have recently been integrated, so the combination of cloud and local environments with a unified layer of protection from one interface is very important today.
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Secure-your-hybrid-cloud-environments-with-Azure-AD-Identity/ba-p/262400
Note: Currently Azure ATP can integrate with other security layers such as Office 365 ATP, Windows Defender ATP, and Azure AD will get more integration.
I recommend reviewing the following article: https://www.eshlomo.us/azure-atp-first-impressions/
Eli.