Ned Rynearson
Copper Contributor
Sep 24, 2018

Minimum Permissions for ATP Sensor installation

Do you need to have Global Admin/Security Admin credentials during the ATP sensor install or just the key?  Want to use the minimum needed.

 

Work space creation created these groups.

   Azure ATP<Work space Name> Administrators

   Azure ATP<Work space Name> Owners

   Azure ATP<Work space Name> Readers

Thanks

5 Replies

  • You need just the key to be able to connect to the service.

    For the installation itself, you need to have privileges on the local machine to install the sensor.

    • derekmelber
      Copper Contributor

      EliOfek 

      With all that ATP is gathering and doing on each DC, is it true that no user associated with ATP running needs privileges? A standard user would not be able to see the network traffic, read the security logs, or be able to run the agent on the DC. Could you explain the different user accounts (if more than one) that are used with ATP and what the minimum level of privilege for each is? Thanks!

      • EliOfek
        Microsoft

        derekmelber, the sensor has a few components, each running under a different account.

         

        The sensor updater service is running as local system, thus has permissions to do a lot...

        The sensor itself is running as a local service virtual account created during deployment,
        and since the deployment is running as admin, it gives it the permissions it needs locally to access the security log, read traffic, etc.

         

        The domain credentials you are adding in the console UI are for outside authentications, like running remote LDAP queries, SAMR authentication to endpoints for lateral movement, etc., so a low-privileged account for this purpose is enough.
