Forum Discussion
Minimum Permissions for ATP Sensor installation
With all that ATP is gathering and doing on each DC, is it true that no user associated with ATP running needs privileges? A standard user would not be able to see the network traffic, read the security logs, or be able to run the agent on the DC. Could you explain the different user accounts (if more than one) that are used with ATP and what the minimum level of privilege for each is? Thanks!
You need at least one directory service account with read access to all objects in the monitored domain. This account can be a standard AD user or a Group Managed Service Account. You configure this within the AATP portal.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-prerequisites#before-you-start
As Eli mentioned for the sensor, you just need privileges on the local machine to install the sensor. There is not a second account needed to collect data with the sensor.
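One way to confirm that the directory service account described in this thread really is an unprivileged, read-only account, as an added example that is not part of the original posts. It assumes the RSAT ActiveDirectory module; the function names and the account name `svc-aatp` are hypothetical.

```powershell
# Added example (not from the thread): least-privilege audit of the AATP
# directory service account. Works for a standard user or a gMSA.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape characters that are special inside an LDAP filter (RFC 4515).
    $Value -replace '\\','\5c' -replace '\(','\28' -replace '\)','\29' -replace '\*','\2a'
}

function Test-DsaLeastPrivilege {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $name = ConvertTo-LdapFilterValue $SamAccountName
    $acct = Get-ADObject -LDAPFilter "(sAMAccountName=$name)" `
        -Properties adminCount, primaryGroupID, objectClass
    if (-not $acct) { throw "Account '$SamAccountName' not found" }

    # Every group the account is in, nested memberships included
    # (LDAP_MATCHING_RULE_IN_CHAIN, OID 1.2.840.113556.1.4.1941).
    $dn = ConvertTo-LdapFilterValue $acct.DistinguishedName
    $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

    # Well-known privileged groups, matched by SID so localized names do not matter:
    # Domain Admins (512), Schema Admins (518), Enterprise Admins (519),
    # Group Policy Creator Owners (520), and the built-in Administrators,
    # Account/Server/Print/Backup Operators groups.
    $builtin = 'S-1-5-32-544','S-1-5-32-548','S-1-5-32-549','S-1-5-32-550','S-1-5-32-551'
    $privileged = @($groups | Where-Object {
        $_.SID.Value -match '^S-1-5-21-.*-(512|518|519|520)$' -or $_.SID.Value -in $builtin
    })

    # Primary group is not listed in 'member': expect Domain Users (513)
    # for a user or Domain Computers (515) for a gMSA.
    $primaryOk = $acct.primaryGroupID -in 513, 515

    [pscustomobject]@{
        Account          = $acct.DistinguishedName
        ObjectClass      = $acct.objectClass
        PrivilegedGroups = $privileged.Name
        PrimaryGroupOk   = $primaryOk
        AdminCountSet    = ($acct.adminCount -eq 1)   # is or was protected by AdminSDHolder
        LeastPrivilege   = ($privileged.Count -eq 0 -and $primaryOk -and $acct.adminCount -ne 1)
    }
}

# Hypothetical account name; for a gMSA pass the name with the trailing '$'.
Test-DsaLeastPrivilege -SamAccountName 'svc-aatp'
```

`LeastPrivilege` is `False` if the account has picked up any privileged group membership, directly or through nesting, which is worth reviewing since the thread states read access is all it needs.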