Azure ATP and Defender ATP integration

Occasional Contributor



I noticed an issue related to Azure and Defender ATP integration.

The problem is that Defender ATP displays identities in logon format domain\identity, while Azure ATP display the SAM Acc name


You have an alert raised in Defender ATP.

You logon to defender ATP cosole,

Defender queries the identity in Azure with logon name  (domain\username) and returns no result.

However, if you search for logon name in Azure ATP, no results are returned. You need to enter only the sam account name for Azure ATP console to return results.

Because of this issue, the integration between products gives limited visibility.

2 Replies

Hi @mcliviu ,


Thank you for sharing with us this feedback!

Will take it with you offline to better understand the scenario.




best response confirmed by mcliviu (Occasional Contributor)

Would like to update we fixed this issue.

If inn the future you are seeing such miss-correlation, please update us.