Azure Advanced Threat Protection Licensing for who

Copper Contributor

Someone can answer to this problem ?

 

If the company X have YK employees (ex 4000) how many license and of which type you mentioned are needed ?

So for example a single forest, single domain with 4000 users with O365 E3 and 45 Domain controllers.

How many and which type of license are needed and to which users is to assign ?

 

PLEASE DONT LINK THIS ARTICLE THAT DON'T ANSWER!

https://docs.microsoft.com/it-it/azure-advanced-threat-protection/atp-technical-faq

8 Replies

@ThatsSecurity 

Hi,

AATP is licensed in several ways.  you can purchase AATP standalone licenses, EMS E5 licenses, M365 E5 licenses.  

 

You need to license each user account for real people you have.  in your example 4000 employees would mean 4000 licenses.

Thanks for answering 


You need to license each user account for real people you have.  in your example 4000 employees would mean 4000 licenses.


can you please provide a link to the standalone license? I cant find anywhere in internet

and what happens if I have 5000 users of active directory (local) and only 3000 users synchronized to office 365?

@angelncl 

Hi

the # of users sync't to O365 is irrelevant.  AATP enumerates the entities from on-prem AD.  if you have 5000 user accounts, and 4000 employees, i assume you have 1000 service accounts?  if so, than you are fine.  if the other 1000 are real humans you need to license them.

@ThatsSecurity 

it is mentioned here.  https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-technical-faq#where-can-i-get-...  

you likely need to work with your microsoft seller / re-seller.

@Nicholas DiCola (SECURITY JEDI) 

 

Hi apologies for the necro but I'd like to clarify this point. 

 

If the AD has 20000 user objects (some admin accounts, some generic accounts, some service accounts) but only 11000 actual users, do we have to licence every user account in AD (both admin and user but not service accounts), or only the 11000 user accounts pertaining to real people?

 

i.e. some users have two accounts due to admin privileges, the assumption is we must licence both accounts as it is accounts that we are protecting? 

@squicker 

I would check with your seller/licensing expert.  I dont know the ruling on 2 accounts when its the same human user.

@ OK thank you, we will check. But generally speaking, if the accounts don't belong to a human, then there's no licence needed. i.e. if the accounts relate to mailboxes of people who have left the org but the accounts have not been disabled for some reason, then they don't need to be licensed? 

 

That's how I interpret your earlier statement, if not attributed to a human then no licence needed. 

 

Many thanks.