Azure ATP service account

%3CLINGO-SUB%20id%3D%22lingo-sub-147865%22%20slang%3D%22en-US%22%3EAzure%20ATP%20service%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-147865%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20guys%3C%2FP%3E%0A%3CP%3EI%20have%20a%20question%20about%20the%20service%20account%20used%20to%20connect%20Azure%20ATP%20with%20the%20domain%3C%2FP%3E%0A%3CP%3EIn%20ATA%20we%20always%20grant%20read%20all%20user%20objects%20and%20read-only%20permissions%20on%20the%20Deleted%20Objects%20Container%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20Azure%20ATP%20we%20need%20to%20do%20the%20same%20configuration%20for%20this%20account%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20Regards%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-148521%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20service%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-148521%22%20slang%3D%22en-US%22%3EYes%20-%20same%20configuration.%20This%20account%20is%20also%20used%20Azure%20ATP%20for%20the%20SAMR%20connections%20to%20endpoints%20to%20build%20the%20Lateral%20Movement%20Graph.%3C%2FLINGO-BODY%3E
Frequent Visitor

Hi guys

I have a question about the service account used to connect Azure ATP with the domain

In ATA we always grant read all user objects and read-only permissions on the Deleted Objects Container 

With Azure ATP we need to do the same configuration for this account?

 

Best Regards

1 Reply
Yes - same configuration. This account is also used Azure ATP for the SAMR connections to endpoints to build the Lateral Movement Graph.