Apr 12 2018 06:41 AM
Hi @ll,
is it now possible to observe Azure Active Directory with Azure ATP?
And what about if I only have an Azure AD and no on-premises AD anymore?
Greets,
Karsten...
Apr 15 2018 08:37 AM
I haven't heard that but I would vote for making it possible. +! for Azure ATP to monitor Azure AD.
Apr 16 2018 12:57 AM
Hi Paul and Karsten,
Azure ATP currently only monitors the users in the on-premises Active Directory.
This is something that is being looked into.
Remember you can always use your voice, by visiting the Azure ATP User Voice page.
Best,
Gershon
Apr 17 2018 02:28 AM
Apr 17 2018 08:04 AM
Raf,
Cloud app security is a little different. That product monitors firewall logs to see what apps your users are going to and how much data is being shared by those apps. Once you get a baseline you can then fine tune policies about what apps they should be going to and look for anomalies. That being said the number of Azure/Office related security products are many and they way they do or don't interact is confusing at best to me. Specifically what I would like to know is if our Azure AD has had a mass query done against if from a unfamiliar location. Our Azure AD should not be queried by anyone in Russia for example or anyone that is VPN'ing to the US from Russia. More importantly with the power of the cloud this should be detected and stopped without me having to detect it after the fact and do something about it. We are still in the wild west out here but the Iron Horse is coming across the prairie and I'm hoping that more good guys are coming than bandits.