Azure ATP Sensor - Update Process Large Number of Domain Controllers

%3CLINGO-SUB%20id%3D%22lingo-sub-972181%22%20slang%3D%22en-US%22%3EAzure%20ATP%20Sensor%20-%20Update%20Process%20Large%20Number%20of%20Domain%20Controllers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-972181%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%20this%20question%20may%20have%20already%20been%20asked%2Fanswered%20but%20I%20have%20not%20been%20able%20to%20find%20a%20previous%20thread.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20a%20customer%20with%20a%20large%20number%20of%20domain%20controllers%20(over%201000).%26nbsp%3B%20The%20DCs%20are%20located%20in%20branch%20office%20locations%20as%20well%20in%20data%20centers.%26nbsp%3B%20The%20customer%20is%20currently%20evaluating%20moving%20from%20ATA%20to%20ATP.%26nbsp%3B%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EI%20understand%20there%20are%20two%20update%20update%20options%20for%20the%20Sensor%2C%20Immediate%20and%20Delayed.%3CBR%20%2F%3EWe%20are%20concerned%20with%20hundreds%20of%20domain%20controllers%20attempting%20to%20download%2Finstall%20updates%20at%20the%20same%20time.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20there%20any%20other%20sensor%20update%20configuration%20options%20such%20as%20creating%20collections%20of%20servers%3F%26nbsp%3B%20Another%20thought%20we%20had%20was%20to%20disable%20the%20automatic%20update%20and%20use%20another%20mechanism%20(SCCM)%20for%20deploying%20the%20updates%20more%20granular.%26nbsp%3B%20%26nbsp%3BWe%20were%20also%20wondering%20if%20there%20is%20a%20way%20to%20schedule%20the%20upgrade%20time%20period%3F%3CBR%20%2F%3E%3CBR%20%2F%3EDoes%20any%20one%20else%20in%20the%20Tech%20Community%20have%20experience%20with%20ATP%20in%20a%20large%20ADDS%20count%20environment%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-972181%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EATP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESensor%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EUpdate%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-973502%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20Sensor%20-%20Update%20Process%20Large%20Number%20of%20Domain%20Controllers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-973502%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F173807%22%20target%3D%22_blank%22%3E%40Bryan%20Bishop%3C%2FA%3E%26nbsp%3B%2C%20delay%20is%20the%20only%20option%2C%20there%20is%20currently%20no%20way%20to%20do%20groups%20or%20update%20circles.%3C%2FP%3E%0A%3CP%3EAlso%20no%20option%20on%20timing%20an%20update%20or%20using%20SCCM%2C%20as%20that%20would%20require%20you%20to%20uninstall%20and%20reinstall%2C%20which%20will%20be%20much%20harder%20to%20implement%20correctly.%3C%2FP%3E%0A%3CP%3EWe%20have%20other%20customers%20with%20a%20similar%20numbers%20of%20DCs%20%2C%20the%20download%20timing%20was%20never%20raised%20as%20an%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hello, this question may have already been asked/answered but I have not been able to find a previous thread.

I have a customer with a large number of domain controllers (over 1000).  The DCs are located in branch office locations as well in data centers.  The customer is currently evaluating moving from ATA to ATP.  

I understand there are two update update options for the Sensor, Immediate and Delayed.
We are concerned with hundreds of domain controllers attempting to download/install updates at the same time.

 

Are there any other sensor update configuration options such as creating collections of servers?  Another thought we had was to disable the automatic update and use another mechanism (SCCM) for deploying the updates more granular.   We were also wondering if there is a way to schedule the upgrade time period?

Does any one else in the Tech Community have experience with ATP in a large ADDS count environment?

 

Thanks!

1 Reply
Highlighted

@Bryan Bishop , delay is the only option, there is currently no way to do groups or update circles.

Also no option on timing an update or using SCCM, as that would require you to uninstall and reinstall, which will be much harder to implement correctly.

We have other customers with a similar numbers of DCs , the download timing was never raised as an issue.