Instances or Workspaces Azure ATP

%3CLINGO-SUB%20id%3D%22lingo-sub-657321%22%20slang%3D%22en-US%22%3EInstances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-657321%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20I%20create%20more%20instances%20in%20azure%20atp%20%3F.%20Before%20there%20were%20working%20groups%20where%20you%20could%20have%20many.%20My%20scenario%20is%20that%20a%20holding%20company%20has%20different%20independent%20domains%20(companies)%20in%20the%20same%20tenant%20and%20each%20one%20has%20its%20domain%20administrator%2C%20so%20a%20centralized%20instance%20for%20eight%20domains%20does%20not%20work%20because%20each%20domain%20has%20its%20own%20administrator.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-657937%22%20slang%3D%22en-US%22%3ERe%3A%20Instances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-657937%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342160%22%20target%3D%22_blank%22%3E%40angelncl%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20dont%20support%20this%20model%20anymore.%26nbsp%3B%20You%20can%20only%20have%201%20central%20work%20space%20per%20tenant.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1692248%22%20slang%3D%22en-US%22%3ERe%3A%20Instances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1692248%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Eis%20this%20still%20valid%3F%20Still%20only%20one%20Azure%20ATP%20instance%20can%20be%20created%20per%20tenant%3F%20Is%20any%20change%20foreseen%20in%20MS%20road-map%20that%20more%20Azure%20ATP%20instances%20can%20be%20created%20in%20one%20tenant%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1694405%22%20slang%3D%22en-US%22%3ERe%3A%20Instances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1694405%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F712130%22%20target%3D%22_blank%22%3E%40gencv%3C%2FA%3E%26nbsp%3BStill%20one%26nbsp%3B%20instance%20per%20tenant.%20as%20far%20as%20I%20know%20there%20are%20no%20plans%20to%20change%20that%2C%20as%20this%20is%20the%20model%20all%20the%20azure%20security%20products%20are%20using%20across%20the%20board%2C%20and%20breaking%20this%20model%20causes%20a%20lot%20of%20issues.%3C%2FP%3E%0A%3CP%3EWe%20used%20to%20have%20that%20model%20initially%20and%20had%20to%20back%20out%20of%20it%20because%20it%20failed%20to%20align%20with%20the%20rest%20of%20the%20products%2C%20and%20broke%20integrations...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1694472%22%20slang%3D%22en-US%22%3ERe%3A%20Instances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1694472%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F106935%22%20target%3D%22_blank%22%3E%40Eli%20Ofek%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3Ethanks%20for%20the%20feedback.%20Do%20you%20know%20if%20it's%20possible%20to%20configure%20role%20based%20access%20control%2C%20per%20group%20of%20domain%20controllers%20in%20Azure%20ATP%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1694500%22%20slang%3D%22en-US%22%3ERe%3A%20Instances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1694500%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F40725%22%20target%3D%22_blank%22%3E%40Genc%20Vojka%3C%2FA%3E%26nbsp%3B%2C%20No%2C%20there%20isn't.%3C%2FP%3E%0A%3CP%3EBut%20I%20suggest%20to%20send%20this%20feedback%20to%20%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3EAATAatpFeedback%20at%26nbsp%3B%20microsoft.com.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EMention%20the%20scenario%20you%20are%20trying%20to%20deal%20with.%3C%2FP%3E%0A%3CP%3EWhat%20is%20your%20current%20solution%20for%20any%20other%20azure%20security%20product%20you%20are%20using%20if%20any%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1753185%22%20slang%3D%22en-US%22%3ERe%3A%20Instances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1753185%22%20slang%3D%22en-US%22%3E%40Eli%2C%3CBR%20%2F%3E%3CBR%20%2F%3Ewe%20are%20using%20M365%20and%20have%20multiple%20domains.%20The%20intention%20is%20to%20create%20a%20dedicated%20workspace%20for%20different%20domains%2C%20where%20each%20domain%20owner%20will%20have%20access%20on%20the%20workspace%20dedicated%20for%20his%20DCs.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1762028%22%20slang%3D%22en-US%22%3ERe%3A%20Instances%20or%20Workspaces%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1762028%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F712130%22%20target%3D%22_blank%22%3E%40gencv%3C%2FA%3E%26nbsp%3B%20then%20you%20will%20need%20to%20use%20a%20different%20AD%20tenant%26nbsp%3B%20for%20each%20domain%20.%3CBR%20%2F%3EQuestion%3A%20are%20those%20domains%20connected%20in%20any%20way%3F%20if%20yes%2C%20and%20you%20split%20them%20to%20different%20workspaces%2C%20while%20you%20gain%20some%20kind%20of%20%22role%20separation%22%26nbsp%3B%20you%20are%20hurting%20detection%20a%20lot%20as%20you%20won't%20be%20able%20to%20get%20full%20coverage%20on%20cross%20domain%20attacks.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

How can I create more instances in azure atp ?. Before there were working groups where you could have many. My scenario is that a holding company has different independent domains (companies) in the same tenant and each one has its domain administrator, so a centralized instance for eight domains does not work because each domain has its own administrator.

7 Replies

@angelncl 

We dont support this model anymore.  You can only have 1 central work space per tenant.

Hi,

is this still valid? Still only one Azure ATP instance can be created per tenant? Is any change foreseen in MS road-map that more Azure ATP instances can be created in one tenant? 

 

Thanks,

@gencv Still one  instance per tenant. as far as I know there are no plans to change that, as this is the model all the azure security products are using across the board, and breaking this model causes a lot of issues.

We used to have that model initially and had to back out of it because it failed to align with the rest of the products, and broke integrations...

Hi @Eli Ofek ,

thanks for the feedback. Do you know if it's possible to configure role based access control, per group of domain controllers in Azure ATP?

 

Thanks,

@Genc Vojka , No, there isn't.

But I suggest to send this feedback to AATAatpFeedback at  microsoft.com.

Mention the scenario you are trying to deal with.

What is your current solution for any other azure security product you are using if any ?

@Eli,

we are using M365 and have multiple domains. The intention is to create a dedicated workspace for different domains, where each domain owner will have access on the workspace dedicated for his DCs.

@gencv  then you will need to use a different AD tenant  for each domain .
Question: are those domains connected in any way? if yes, and you split them to different workspaces, while you gain some kind of "role separation"  you are hurting detection a lot as you won't be able to get full coverage on cross domain attacks.