Azure ATP is now generally available!

%3CLINGO-SUB%20id%3D%22lingo-sub-166942%22%20slang%3D%22en-US%22%3EAzure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-166942%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EToday%20Microsoft%20is%20excited%20to%20announce%20that%20Azure%20Advanced%20Threat%20Protection%20(ATP)%20is%20now%20generally%20available%3C%2FSTRONG%3E.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20ATP%3C%2FA%3E%20is%20a%20cloud-based%20security%20solution%20that%20helps%20you%20detect%20and%20investigate%20security%20incidents%20across%20your%20networks.%20It%20supports%20the%20most%20demanding%20workloads%20of%20security%20analytics%20for%20the%20modern%20enterprise.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1621680646%22%20id%3D%22toc-hId-1706525476%22%20id%3D%22toc-hId-1706525476%22%20id%3D%22toc-hId-1706525476%22%3EWhat%20is%20Azure%20ATP%3F%3C%2FH2%3E%0A%3CP%3EFor%20security%20operators%2C%20analysts%2C%20and%20professionals%20who%20are%20struggling%20to%20detect%20advanced%20attacks%20in%20a%20hybrid%20environment%2C%20Azure%20ATP%20is%20a%20threat%20protection%20solution%20that%20helps%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EDetect%20and%20identify%20suspicious%20user%20and%20device%20activity%20with%20learning-based%20analytics%3C%2FLI%3E%0A%3CLI%3ELeverage%20threat%20intelligence%20across%20the%20cloud%20and%20on-premises%20environments%3C%2FLI%3E%0A%3CLI%3EProtect%20user%20identities%20and%20credentials%20stored%20in%20Active%20Directory%3C%2FLI%3E%0A%3CLI%3EProvide%20clear%20attack%20information%20on%20a%20simple%20timeline%20for%20fast%20triaging%3C%2FLI%3E%0A%3CLI%3EMonitor%20multiple%20entry%20points%20through%20integration%20with%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2FWindowsForBusiness%2Fwindows-atp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWindows%20Defender%20Advanced%20Threat%20Protection%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EAzure%20ATP%20is%20able%20to%20detect%20advanced%20malicious%20attacks%20leveraging%20both%20cloud%20and%20on-premises%20signals%2C%20reducing%20false%20positives%2C%20and%20providing%20an%20end-to-end%20investigation%20experience%20including%20across%20endpoint%20and%20identity%20with%20Windows%20Defender%20ATP%20integration.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ERead%20more%20about%20it%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fcloudblogs.microsoft.com%2Fenterprisemobility%2F2018%2F03%2F01%2Fintroducing-azure-advanced-threat-protection-2%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EEnterprise%20Mobility%20%2B%20Security%20Blog%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-193301%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-193301%22%20slang%3D%22en-US%22%3E%3CP%3EI%20created%20a%20new%20user%20and%20it%20is%20working%20now%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-193291%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-193291%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Eunfortunately%20I%20have%20the%20same%20problem%20as%20Dustin%20in%20my%20test%20tenant.%3C%2FP%3E%3CP%3E%22In%20order%20to%20access%20your%20workspace%2C%20renew%20your%20license%22%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-170757%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-170757%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Chris%2C%26nbsp%3BSupport%20should%20be%20available%26nbsp%3Bfor%20EMS%20E5%20customers.%20We%26nbsp%3Bare%20looking%20into%20why%20the%20option%20is%20not%20yet%20available.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168709%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168709%22%20slang%3D%22en-US%22%3EIs%20there%20a%20reason%20that%20the%20hyperlink%20in%20the%20error%20referenced%20earlier%20(related%20to%20the%20provisioning%20issue)%20takes%20you%20to%20the%20support%20portal%20where%20you%20would%20need%20a%20support%20contract%20to%20open%20an%20%E2%80%9Con-prem%E2%80%9D%20support%20case%3F%20The%20support%20options%20specifically%20call%20out%20Azure%20ATP%2C%20but%20I%20would%20expect%20to%20be%20able%20to%20use%20our%20cloud%20based%20support%2C%20that%20we%20would%20enter%20tickets%20for%20EM%2BS%20or%20Office%20365%2C%20when%20creating%20a%20support%20case%20for%20Azure%20ATP%20since%20it%20is%20completely%20a%20cloud%20service%20and%20also%20a%20part%20of%20EM%2BS%20E5.%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20this%20support%20experience%20expected%3F%20Is%20this%20a%20known%20issue%20that%20is%20being%20resolved%20to%20integrate%20Azure%20ATP%20support%20into%20cloud%20based%20support%20options%20like%20Advanced%20Support%20for%20Partners%20or%20Cloud%20Signature%20support%2C%20for%20example%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168365%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168365%22%20slang%3D%22en-US%22%3E%3CP%3EATA%20continues%20to%20be%20supported%2C%20and%20the%20team%20will%20be%20releasing%20an%20update%20to%20ATA%20in%20the%20next%20few%20weeks.%20ATA%20is%20helpful%20for%20environments%20where%20it%20is%20not%20possible%2C%20or%20desired%2C%20to%20connect%20to%20the%20Azure%20cloud%20service%2C%20or%20for%20organizations%20who%20do%20not%20want%20to%20pay%20the%20licensing%20cost%20for%20Azure%20ATP.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168358%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168358%22%20slang%3D%22en-US%22%3EWhat%20would%20be%20the%20reasons%20to%20still%20use%20ATA%20over%20Azure%20ATP%20then%3F%3CBR%20%2F%3Eor%20is%20Microsoft%20looking%20to%20phase%20that%20out%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168356%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168356%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Jordan%2C%20If%20you%20are%20currently%20using%20ATA%20you%20will%20need%20to%20uninstall%20the%20LWGW%20and%20install%20the%20Azure%20ATP%20sensor.%20The%20LWGW%20and%20Sensor%20cannot%20coexist%20on%20the%20same%20server.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168353%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168353%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20we%20already%20have%20ATA%20in%20place%2C%20do%20we%20need%20to%20off-board%20the%20light%20gateway%20agents%20and%20then%20install%20the%20Azure%20ATP%20sensors%3F%20Or%20do%20we%20keep%20both%20installed%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-168065%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-168065%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Dustin%2C%20We%20are%20working%20on%20getting%20this%20issue%20resolved.%20It%20will%20take%20a%20few%20additional%20days%20before%20Azure%20ATP%20is%20available%20in%20your%20tenant.%20We%20appreciate%20your%20patience!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-167868%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167868%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20licensed%20for%20M365%20E5%2C%20but%20our%20Azure%20ATP%20tenant%20portal%20says%20that%20%22In%20order%20to%20access%20your%20workspace%2C%20renew%20your%20license%22.%20We%20had%20heard%20that%20there%20was%20a%20licensing%20issue%20that%20would%20have%20been%20resolved%20by%20today%20(the%205th)%2C%20but%20we%20still%20can't%20provision%20a%20Workspace.%20Do%20we%20just%20need%20to%20wait%20a%20few%20more%20days%3F%20Or%20is%20there%20some%20other%20step%20we%20need%20to%20perform%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-167542%22%20slang%3D%22en-US%22%3ERE%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167542%22%20slang%3D%22en-US%22%3EHey%2C%20we%20are%20publicly%20available%20for%20everyone%20to%20use%2C%20but%20we%20aren't%20deployed%20in%20data%20center%20in%20Germany%20(Azure%20Blackforest).%20We%20are%20deployed%20in%20north%20and%20west%20Europe%20and%20US.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-167311%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167311%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20Azure%20ATP%20service%20is%20available%20world-wide%2C%20however%20workspaces%20can%20only%20be%20created%20in%20one%20of%20two%20regions%20-%20US%20or%20Europe.%20If%20you%20were%20looking%20for%20a%20country-specific%20deployment%2C%20we%20do%20not%20yet%20have%20an%20instance%20of%20Azure%20ATP%20running%20specifically%20in%20Germany%2C%20and%20at%20this%20time%20we%20don't%20have%20a%20timeline%20for%20providing%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-167121%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167121%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20'generally%20available'%20mean%26nbsp%3BATP%20is%20available%20in%20Azure%20Germany%20as%20well%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-767265%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-767265%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F70522%22%20target%3D%22_blank%22%3E%40Astrid%20McClean%3C%2FA%3E%26nbsp%3B-%20I%20know%20this%20is%20a%20dated%20post%2C%20but%20we%20have%20the%20same%20issue.%20%22Renew%20your%20license%20to%20access%20your%20Azure%20ATP%20instance%22%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-768420%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20is%20now%20generally%20available!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-768420%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F380021%22%20target%3D%22_blank%22%3E%40zhattingh%3C%2FA%3E%26nbsp%3B%20Does%20your%20tenant%20have%20an%20active%20license%20subscription%20for%20Azure%20ATP%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Today Microsoft is excited to announce that Azure Advanced Threat Protection (ATP) is now generally available. Azure ATP is a cloud-based security solution that helps you detect and investigate security incidents across your networks. It supports the most demanding workloads of security analytics for the modern enterprise.

What is Azure ATP?

For security operators, analysts, and professionals who are struggling to detect advanced attacks in a hybrid environment, Azure ATP is a threat protection solution that helps:

  • Detect and identify suspicious user and device activity with learning-based analytics
  • Leverage threat intelligence across the cloud and on-premises environments
  • Protect user identities and credentials stored in Active Directory
  • Provide clear attack information on a simple timeline for fast triaging
  • Monitor multiple entry points through integration with Windows Defender Advanced Threat Protection

Azure ATP is able to detect advanced malicious attacks leveraging both cloud and on-premises signals, reducing false positives, and providing an end-to-end investigation experience including across endpoint and identity with Windows Defender ATP integration.

 

Read more about it in the Enterprise Mobility + Security Blog.

15 Replies

Does 'generally available' mean ATP is available in Azure Germany as well?

The Azure ATP service is available world-wide, however workspaces can only be created in one of two regions - US or Europe. If you were looking for a country-specific deployment, we do not yet have an instance of Azure ATP running specifically in Germany, and at this time we don't have a timeline for providing that.

Hey, we are publicly available for everyone to use, but we aren't deployed in data center in Germany (Azure Blackforest). We are deployed in north and west Europe and US.

We are licensed for M365 E5, but our Azure ATP tenant portal says that "In order to access your workspace, renew your license". We had heard that there was a licensing issue that would have been resolved by today (the 5th), but we still can't provision a Workspace. Do we just need to wait a few more days? Or is there some other step we need to perform?

Hi Dustin, We are working on getting this issue resolved. It will take a few additional days before Azure ATP is available in your tenant. We appreciate your patience!

If we already have ATA in place, do we need to off-board the light gateway agents and then install the Azure ATP sensors? Or do we keep both installed?

Hi Jordan, If you are currently using ATA you will need to uninstall the LWGW and install the Azure ATP sensor. The LWGW and Sensor cannot coexist on the same server.

What would be the reasons to still use ATA over Azure ATP then?
or is Microsoft looking to phase that out?

ATA continues to be supported, and the team will be releasing an update to ATA in the next few weeks. ATA is helpful for environments where it is not possible, or desired, to connect to the Azure cloud service, or for organizations who do not want to pay the licensing cost for Azure ATP.

Is there a reason that the hyperlink in the error referenced earlier (related to the provisioning issue) takes you to the support portal where you would need a support contract to open an “on-prem” support case? The support options specifically call out Azure ATP, but I would expect to be able to use our cloud based support, that we would enter tickets for EM+S or Office 365, when creating a support case for Azure ATP since it is completely a cloud service and also a part of EM+S E5.

Is this support experience expected? Is this a known issue that is being resolved to integrate Azure ATP support into cloud based support options like Advanced Support for Partners or Cloud Signature support, for example?

Hi Chris, Support should be available for EMS E5 customers. We are looking into why the option is not yet available.

Hi,

unfortunately I have the same problem as Dustin in my test tenant.

"In order to access your workspace, renew your license"

I created a new user and it is working now

@Astrid McClean - I know this is a dated post, but we have the same issue. "Renew your license to access your Azure ATP instance"

@zhattingh  Does your tenant have an active license subscription for Azure ATP?