Limit Advanced Threat Protection to one domain

%3CLINGO-SUB%20id%3D%22lingo-sub-1805458%22%20slang%3D%22en-US%22%3ELimit%20Advanced%20Threat%20Protection%20to%20one%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1805458%22%20slang%3D%22en-US%22%3E%3CP%3EGreetings%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20use%20Azure%20Advanced%20Threat%20Protection%20outside%20of%20Azure%20Security%20Center.%20We%20view%20the%20information%20in%20a%20stand%20alone%20ATP%20area.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20several%20forests%20but%20only%20want%20to%20protect%20one.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20know%20of%20a%20way%20to%20limit%20the%20scan%20to%201%20forest%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFlynn%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1806455%22%20slang%3D%22en-US%22%3ERe%3A%20Limit%20Advanced%20Threat%20Protection%20to%20one%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1806455%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F841198%22%20target%3D%22_blank%22%3E%40FlynnKeilty%3C%2FA%3E%26nbsp%3BIf%20the%20forests%20do%20not%20have%20trust%20between%20them%2C%20and%20you%20only%20install%20sensors%20on%20the%20one%20you%20want%20to%20protect%2C%20it%20should%20work.%3C%2FP%3E%0A%3CP%3EIf%20you%20have%20trust%2C%20then%20it%20does%20not%20make%20sense%20to%20%22protect%20just%20one%22%20because%20you%20won't%20be%20if%20you%20%22monitor%20just%20one%22.%20an%20attacker%20can%20easily%20attack%20from%20one%20of%20the%20other%20forests%20and%20you%20won't%20be%20able%20to%20see%20it.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Greetings,

 

We use Azure Advanced Threat Protection outside of Azure Security Center. We view the information in a stand alone ATP area.

 

We have several forests but only want to protect one.

 

Does anyone know of a way to limit the scan to 1 forest?

 

Thanks,

 

Flynn

1 Reply
Highlighted

@FlynnKeilty If the forests do not have trust between them, and you only install sensors on the one you want to protect, it should work.

If you have trust, then it does not make sense to "protect just one" because you won't be if you "monitor just one". an attacker can easily attack from one of the other forests and you won't be able to see it.