Forum Discussion
Sensitive groups
MicrosoftSorry, got confused with another thread.
in AATP, you can tag the entities, so it seems you gap is that you need to have at least 10 weeks of learning period.
10 weeks of learning, for what exactly ? To say that someone "unusual" has modified the group membership ? If this is 10 weeks to appear in the report, is pretty useless, don't you think ? What would be the point of that ?
Hi Stuart,
We've reviewed the sensitive groups report and I'm pleased to let you know that all changes to the sensitive groups will now be included in the report (not just the anomalies). We expect to release the code to enable this in our next update cycle on Sunday February 18th.
Did this make it in, as it does not seem to be working ?
Repro:
Add group to entity list
Schedule a report for sensitive groups(daily)
wait a few hours
add some random user to group
await next daily report to show said user was added
Is my expectation correct ?
In the Azure ATP console can you see the changes in the entity profile(s) of the objects in questions?
- EliOfek
Yes and No.
Unlike ATA which can alert for abnormal modifications, and report on all modifications,
AATP (for now) can alert for abnormal modifications too (with the same 10 weeks learning period), but it's report will only report on previously alerted modifications, and not all of them like in ATA.
So.. if you wait 2 more weeks, and use an account that did not modify the tagged group during the learning period, you should see an alert...
