Forum Discussion
Registration Failure - Connectivity Issues
There are no plans to support forwarding of the Azure ATP Sensor data through a gateway server.
Our recommendation is to run the sensor directly on the Domain Controller (port mirroring through a stand-alone sensor cannot collect ETW data so some detections will not work in this configuration), and then use a web proxy to send the data to Azure ATP. For those proxies which do not support URL filtering, the Azure Networking subnet range can be used for the region which contains your Azure ATP instance:
https://www.microsoft.com/en-us/download/details.aspx?id=41653
Astrid McClean, thanks for the response.
This is challenging to fully deploy as there are many use cases where Domain Controllers have no access to proxy via policy given that these are highly valuable assets.
Is there any security analysis and discussion around use of sensors with Internet access on Domain Controllers that can be shared with security teams to allay concerns around this setup?
- Astrid McClean, Mar 27, 2019, Microsoft
Ejaz Rahman, when the connection from the Domain Controllers is restricted to port 443 and the Azure ATP service (there is a specific URL for each Azure ATP instance), we have seen few concerns.
Happy to follow up with you offline if there are specific concerns you or your security team has. Please email me directly or send feedback to aatpfeedback@microsoft.com and we can continue the conversation.
Regards,
Astrid