Do I need to host Azure ATP (Defender for Identity) in my own servers?

Hi all,

 

Our organization has planned to move away from Microsoft ATA (Advanced Threat Analytics) to Azure ATP (Defender for Identity).

 

Right now, we are hosting the Microsoft ATA consoles in cloud instances (AWS, GCP, and on-prem).

 

If we make the switch to Azure ATP, will we need to retain these servers so we can install Azure ATP on them?

 

Or is it the case that Azure ATP is a SaaS product that is hosted and managed by Microsoft (and we do not have to worry about spinning up and maintaining Windows Servers)?

 

Can someone please provide some clarity?

 

Thanks in advance!

 

Best,

Sal

1 Reply

@Sal_Mirza 
The equivalent of the "Center" machine is now a hosted service managed by Microsoft, so you don't need this machine any more.

 

The equivalent of the "Gateways" is now called "Sensors", and those replace the Gateways and are still installed on your machines. Only in MDI, the best practice is to install them on the DC itself and not as a standalone machine with port mirroring, as this way we get more data sources from the machine and do much better detection.
Also, MDI supports multi-forest, so in case you had to work with multiple Center machines before, you don't need that any more and can get full/better coverage with a single MDI tenant.