SOLVED

AATP without MDATP


I've read in unofficial docs/posts that there may be some integration of MDATP with AATP but I cannot find any details in the MDATP or AATP docs. If someone is to use a 3rd party EDR solution instead of MDATP, does anyone know what specific functionality(s) of AATP would be reduced or unavailable (if any)? Has anyone experienced issues with running 3rd party EDR alongside the AATP sensor?

Thanks!

2 Replies
Best Response confirmed by ReverseKram (New Contributor)

@ReverseKram 

You can read about the integration here:

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/integrate-wd-atp

(It will be changed to MDATP)

Currently, Azure ATP doesn't integrate with 3rd party EDR solutions.

Regarding running both EDR & AATP on the same client (Domain controller for example), as long as the EDR doesn't employ a packet capturing technology that overlaps what AATP is using, theoretically there shouldn't be an issue but it's best to check first.

@Or Tsemah

Appreciate the link, that's the doc I was looking for. It's apparent that there are advantages to the integration but I couldn't locate a supporting doc.

Thanks!