Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Advanced Threat Analytics Licensing

Copper Contributor

I posted this in Yammer as well, and do apologize if you've found it in both places.

Have a bit of a licensing conundrum with Advanced Threat Analytics, and I hope someone can help. I have reviewed the Licensing Datasheet, the setup guide, and did quite a bit more research (including posts in this community), but an answer still eludes me.

The scenario: A customer wants to license everyone with ATA per-user via EM+S (but the problem exists with any per-user licensing model). There exists in the customer infrastructure a 3-tiered app with machines that request files or data from other machines. These machines will have service accounts in AD, but they are not end-user accessed.

Given no other information, I'd say 'license the service accounts with an ATA user license'. But deprecated user accounts (previously beating hearts) are monitored without having to be licensed; and I've balked on the possibility that situation implies any non-human account could be covered without having to be licensed. Plus, verbiage from the licensing guide:
𝑨𝑻𝑨 𝒍𝒊𝒄𝒆𝒏𝒔𝒆𝒔 𝒂𝒓𝒆 𝒓𝒆𝒒𝒖𝒊𝒓𝒆𝒅 𝒐𝒏𝒍𝒚 𝒇𝒐𝒓 𝒄𝒍𝒊𝒆𝒏𝒕 𝑶𝑺𝑬𝒔 (𝒐𝒓 𝒔𝒆𝒓𝒗𝒆𝒓 𝑶𝑺𝑬𝒔 𝒖𝒔𝒆𝒅 𝒂𝒔 𝒄𝒍𝒊𝒆𝒏𝒕 𝑶𝑺𝑬𝒔) 𝒕𝒉𝒂𝒕 𝒂𝒓𝒆 𝒐𝒏 𝒐𝒓 𝒂𝒄𝒄𝒆𝒔𝒔𝒆𝒅 𝒃𝒚 𝒆𝒏𝒅 𝒖𝒔𝒆𝒓 𝒅𝒆𝒗𝒊𝒄𝒆𝒔 𝒂𝒖𝒕𝒉𝒆𝒏𝒕𝒊𝒄𝒂𝒕𝒆𝒅 𝒃𝒚 𝒂𝒏 𝑨𝒄𝒕𝒊𝒗𝒆 𝑫𝒊𝒓𝒆𝒄𝒕𝒐𝒓𝒚 𝒎𝒂𝒏𝒂𝒈𝒆𝒅 𝒃𝒚 𝑨𝒅𝒗𝒂𝒏𝒄𝒆𝒅 𝑻𝒉𝒓𝒆𝒂𝒕 𝑨𝒏𝒂𝒍𝒚𝒕𝒊𝒄𝒔.
^This leaves me with the distinct impression that licenses are not required, but not an assurance.

Can anyone provide a solid answer?

Thanks,

4 Replies
My understanding is that ATA is not a per-user licensed model application. It's the exception to the EMS license. So in other words, when you buy EMS (per user licensed model), one of the entitlements is the ability to use ATA on-premises without per user licensing required.
I asked a similar question a few months ago, you may find this thread helpful https://techcommunity.microsoft.com/t5/Microsoft-Advanced-Threat/Licensing/m-p/44696

Hi Steven,

For ATA, each human user must have a license.  Service accounts are not considered human.  Just license the people that actually exist in the organization.

Hope this helps.

 

Yes, this helps a ton.  Much easier on both the customer and our sales teams this way.

 

Thanks,