New identity security posture assessment: Unmonitored domain controllers.


We are happy to announce a new identity security posture assessment for unmonitored domain controllers.


What are unmonitored domain controllers?

An essential part of the Azure ATP solution requires that its sensors are deployed on all organizational domain controllers, providing a comprehensive view for all user activities from every device.

For this reason, Azure ATP continuously monitors your environment to identify domain controllers without an installed Azure ATP sensor, and reports on these unmonitored servers to assist you in managing full coverage of your environment.


What risk do unmonitored domain controllers pose to an organization?

In order to operate at maximum efficiency, all domain controllers must be monitored with Azure ATP sensors. Organizations that fail to remediate unmonitored domain controllers, reduce visibility into their environment and potentially expose their assets to malicious actors.


How do I use this security assessment?

  1. Use the report table to discover which of your domain controllers are unmonitored. 


  2. Take appropriate action on those domain controllers by installing and configuring monitoring sensors.


You can find this new assessment under the Identity security posture section on the Cloud app security portal (Azure ATP integration must be enabled).


This new assessment augments the existing experience in the classic Azure ATP portal.




0 Replies