cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

AADConnect false alert

Paolo Heuer
New Contributor

‎11-28-2017 09:03 AM

‎11-28-2017 09:03 AM

AADConnect false alert

I've found out that Azure ATP has some problems recognizing aadconnect activities.

azure atp dirsync.PNG

Is it happening to you, too?

 

519 Views
0 Likes
1 Reply
Reply
1 Reply
Best Response confirmed by Paolo Heuer (New Contributor)
Astrid McClean

‎11-28-2017 11:50 AM

‎11-28-2017 11:50 AM

Solution

Re: AADConnect false alert

This is a known false positive for this detection. You can find more information about all the alerts (including what night generate a false positive) in the Suspicious Activity Guide (this is the ATA version but it's relevant for Azure ATP alerts too): https://aka.ms/atasaguide 

 

For known AAD Connect servers, you can use the "Close and Exclude" option to stop further alerts.

1 Like
Reply