Apr 24 2020 06:24 AM - last edited on Nov 30 2021 02:00 PM by Allen
is there a possibility to get all the Computers where a "Authentication with clear text credentials using LDAP simple bind from %Computername%" was made?
I only can see it if i check the user, but i like to see all the Computer who accepted the LDAP simple bind.
Apr 24 2020 07:16 AM
Have you seen our security assessment for exposing credentials in clear text?
You can get this list after you have integrated AATP with MCAS.
If you don't have a subscription for Cloud App Security, you will still be able to use the Cloud App Security portal to investigate Azure ATP alerts and deep dive on users and their on-premise managed activities, but you won't receive related insights from your cloud applications.
Apr 24 2020 07:58 AM
thanks, this already helps a lot, but i only can see the top 20 credential-exposing entities.
is it possible to get a full list?
Apr 26 2020 01:35 AM - edited Apr 26 2020 01:36 AM
You can now utilize MTP's Advanced hunting feature to query against Azure ATP data (using the IdentityLogonEvents table)
Apr 28 2020 12:10 AM
Hi @Or Tsemah
thanks for your help.
i can turn on "Microsoft Threat Protection" in security.microsoft.com but I don't see it under incidents or action center.
Apr 28 2020 07:31 AM