Get new detections in Azure ATP – right from our researchers


As a cloud service, we have the ability to introduce continuously new activities and detections to provide better protection for advanced threats and compromised users.


It’s important for us to introduce detections in high quality and early – and for that today we are introducing a new feature: preview detections.


This means that whenever we have a new detection – so will you.

You can enjoy our new detections on day-1, but you also know that they are in preview, and you’ll be able to share your experience with us. Usually, a detection will move from “preview” into “general availability” within a period of few weeks after being introduced.


You can also opt out of new preview detection(s) at any time through the configuration -> preview option.


Our first preview detection is “suspicious VPN connection”: it can help you find the common threat of attackers targeting VPN connections to get into your environment.


Remember to collect VPN data through RADIUS accounting – as explained here


We are looking forward announcing more preview detections in the future!

Stay tuned. Your feedback is welcome!

0 Replies