cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

AADConnect false alert

Paolo Heuer
Copper Contributor

‎Nov 28 2017 09:03 AM

‎Nov 28 2017 09:03 AM

AADConnect false alert

I've found out that Azure ATP has some problems recognizing aadconnect activities.

azure atp dirsync.PNG

Is it happening to you, too?

 

1,319 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Paolo Heuer (Copper Contributor)
Astrid McClean

‎Nov 28 2017 11:50 AM

‎Nov 28 2017 11:50 AM

Solution

Re: AADConnect false alert

This is a known false positive for this detection. You can find more information about all the alerts (including what night generate a false positive) in the Suspicious Activity Guide (this is the ATA version but it's relevant for Azure ATP alerts too): https://aka.ms/atasaguide 

 

For known AAD Connect servers, you can use the "Close and Exclude" option to stop further alerts.

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Paolo Heuer (Copper Contributor)
Astrid McClean

‎Nov 28 2017 11:50 AM

‎Nov 28 2017 11:50 AM

Solution

Re: AADConnect false alert

This is a known false positive for this detection. You can find more information about all the alerts (including what night generate a false positive) in the Suspicious Activity Guide (this is the ATA version but it's relevant for Azure ATP alerts too): https://aka.ms/atasaguide 

 

For known AAD Connect servers, you can use the "Close and Exclude" option to stop further alerts.

View solution in original post

1 Like
Reply