Introducing Azure Advanced Threat Protection
Published Sep 08 2018 10:33 AM 21.3K Views
First published on CloudBlogs on Sep 27, 2017
For up-do-date information on Azure Advanced Threat Protection, please see the blog post announcing general availability . The recent years have witnessed a distinct and consistent escalation in cyberattacks’ scope, scale, and sophistication, impacting organizations across all verticals and locations. This escalation is manifested not only in increasing proliferation of threat-actor groups, but also in the diversity of the utilized attack Tools Techniques and Procedures (TTPs), ranging from zero-day exploits to weaponized antimalware and publicly available toolkits. This threat landscape is driving a change in the common security paradigm, bringing security stakeholders to realize that a resourceful and determined attacker will at a certain point succeed in bypassing the traditional prevention and detection controls. To proactively respond to these threats, there is a need for a security layer that operates following the successful bypass of these controls and is tasked with detecting the malicious activity consecutive to this bypass.

Introducing Azure Advanced Threat Protection for Users

We are excited to announce Azure Advanced Threat Protection (ATP) for Users, a new cloud service which empowers your Security Operations team to detect and investigate advanced attacks and insider threats across the entire scope of users and entities in your network. Leveraging cloud infrastructure and Azure scale, Azure ATP is built to support the most demanding workloads of security analytics for the modern enterprise. Azure ATP fuses together unique machine learning algorithms, world-class security research, and the breadth and depth of the critical security data available to Microsoft as a major enterprise vendor. It will help protect from both known and unknown attack vectors, detecting threats early in the kill chain before they mature into actual damage. Azure ATP brings the capabilities of our current on-premises behavioral analytics solution, Microsoft Advanced Threat Analytics (ATA), to the cloud. Building on the in-depth threat detection capabilities of ATA, Azure ATP will help our customers protect their identities across both their cloud and on-premises directories.


Powered by the Microsoft Intelligent Security Graph , Azure ATP detects malicious activity by aggregating and correlating multiple data sources, network traffic, event logs, VPN data, and others - to create a coherent behavioral profile for each user. Malicious activity will typically generate anomalous behavior, raising a security alert. Complementing its granular anomaly detection capabilities, Azure ATP is shipped with a set of deterministic models that identify both common and newly discovered implementations of attacker techniques such as Pass-the-Hash, Overpass-the-Hash, Golden Ticket, and others.


Azure ATP shows the attack as a contextual alert timeline, where each individual alert includes both description of the malicious activity that triggered it, as well as the required onward remediation and response steps.

Once the alert is triaged and deemed worthy of investigation, Azure ATP provides your security team with the tools and event metadata that are needed to conduct a deeper investigation of the involved users and entities. Additionally, you can pivot to Windows Defender Advanced Threat Protection (ATP) which supplements the alert context with the operations performed on the involved endpoints.

We’re opening registration for our limited preview today. Register here . We’ll begin onboarding our first previewers by the end of October. Looking forward to hearing your feedback! Michael Dubinsky, Principal PM Manager, Azure Advanced Threat Protection.
Version history
Last update:
‎Sep 08 2018 10:33 AM