The DNS protocol in many organizations is typically not monitored and is rarely blocked against malicious activity.  Open DNS capabilities allow attackers on compromised machines to abuse the DNS protocol for malicious communication such as data exfiltration, command and control, and evading corporate network restrictions.

Starting from Version 2.49, Azure ATP will detect attempts at Suspicious Communication over DNS and issue a security alert like the one shown below.

For more information visit https://aka.ms/atasaguide-dnssus

Stay tuned for additional alerts and updates. Your feedback is welcome