updates (9 topics)

Unable to access Update 3 for Microsoft Advanced Threat Analytics 1.9
Hi, Microsoft Tech Community and Ricky Simpson from Microsoft, I cannot download Update 3 for Microsoft Advanced Threat Analytics 1.9. Whenever I tried to access the download update from this article, it seemed the ID number 56725 was missing, and an error code of 404 was returned. Tried URL: https://www.microsoft.com/download/details.aspx?id=56725 Hope you can fix this problem as soon as possible, because Microsoft ATA still plays an important role in most enterprise networks, including my company's network. Best regards to all people in the community

Status: Solved

MDI Sensor Updates options?
Hi, So far we have noticed that MDI Sensor updates can be "automatic" or "delayed". However, for our Production environment, we'd like these updates to be controlled by our team once they have done their testing in a TEST environment (i.e. we do not want them to be "automatic" or "delayed"). How do we therefore change the MDI Sensor update to be "manual", or via SCCM or similar? Thank you, SK

MDI Sensor Implications of renaming a DC and/or migrating to a new server
Howdy Folks, One of our clients has a 2 DC (Windows Server 2012 R2) environment. They will soon be migrated to new servers (Windows Server 2019), potentially with different host names. Has anyone dealt with this before? What implications may it have (except, obviously, that the sensor will have to be installed on those DCs), i.e. such as event log configurations, permissions and GPO configurations etc.? Would we need to reconfigure these on the new servers, or will they be migrated? Cheers!

Missing features in Security portal
With the Azure ATP portal we were able to do a lot more investigation of on-premises actions. We are in a large hybrid environment. Is there a way to access the old portal to get back that timeline for a user? The things we are currently missing that we have found are the following:
- Password resets: we were able to see those easily on the user's timeline.
- Users being added to or removed from groups, and who did it.
- Failed logins to on-premises resources.
- You can no longer search for groups.
- Can't export the same data as in the ATP portal.
Some of us used this daily and are having trouble figuring out how to get the correct information now. I'm aware that we can see some of those things in the user's audit logs, for example, but it would be nice to be able to see it in the timeline as before.

Status: Solved

Azure ATP Sensor - Update Process Large Number of Domain Controllers
Hello, this question may have already been asked/answered but I have not been able to find a previous thread. I have a customer with a large number of domain controllers (over 1000). The DCs are located in branch office locations as well as in data centers. The customer is currently evaluating moving from ATA to ATP. I understand there are two update options for the Sensor, Immediate and Delayed. We are concerned with hundreds of domain controllers attempting to download/install updates at the same time. Are there any other sensor update configuration options, such as creating collections of servers? Another thought we had was to disable the automatic update and use another mechanism (SCCM) for deploying the updates more granularly. We were also wondering if there is a way to schedule the upgrade time period? Does anyone else in the Tech Community have experience with ATP in a large ADDS count environment? Thanks!

Azure ATP sensor update and communication error
Hello, I have noticed some errors on our ATP Health Center. The sensors installed on two DCs randomly stopped communicating. After some time the health alert is automatically closed. Concurrently with these errors I noticed these entries in the sensor logs:

Microsoft.Tri.Sensor.Updater.log
    2020-01-31 02:41:55.5375 Warn ResourceManager RestrictCpuAsync process doesn't exist [Process=Microsoft.Tri.Sensor]

Microsoft.Tri.Sensor.log
    2020-01-31 02:41:34.4173 Error FrameReader`1 CaptureFrames exception, exiting Microsoft.Tri.Sensor.FrameReaderException: Failed reading frame [resultCode=-1 message=read error: PacketReceivePacket failed]
       at bool Microsoft.Tri.Sensor.FrameReader<TCaptureDevice>.TryReadFrame(out DateTime time, out BufferSlice bufferSlice)
       at bool Microsoft.Tri.Sensor.NetworkListener.ParseFrame(FrameReader frameReader)
       at void Microsoft.Tri.Sensor.NetworkListener.CaptureFrames(LiveFrameReader[] liveFrameReaders)

Event ID 7031 is written to the System Event Log:
    The Azure Advanced Threat Protection Sensor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

The sensor version is now (Jan 31st) 2.106.7618 and is marked as up to date, but version 2.107 has been out since Jan 26th. Does anyone have any suggestion? Thanks. Mike

Status: Solved

Azure ATP mail notification options change
Hi everyone, To make the Azure ATP email notification options more streamlined, we are removing the On/Off toggles from both the security alerts and health issues mail notification options. If you'd like to change your email notification behavior, simply add or remove email recipients from your current lists. This change will take effect toward the end of September. *If you have unsaved recipient lists, these items will be removed. No changes are made to the Syslog notification channel.

Microsoft Defender for Identity and cloud based security
Hi everyone, I'm Ricky and I'm the Product Marketing Manager for Microsoft Defender for Identity. I was looking to start a discussion with the outstanding community we are fortunate to have here around a topic I've been tracking. I was looking for input around cloud based security and the merits it provides, and how this stacks up against your views of how you've maybe tackled security updates in the past. Defender for Identity's capabilities are excellent because we offer cloud based protection in an age of advanced threats being able to propagate throughout an environment very quickly. I'm looking to uncover your views on the process of connecting your DCs to the internet (via a highly configured one-way proxy, of course) to gain all the benefits that Defender for Identity offers. Specifically, I'd be interested to know whether it would be perceived as a bigger or smaller risk than not having Defender for Identity protection, and what you're doing to help protect your on-premises identities as is. If this is the case, how are you correlating this information with other data sources from security products? It would also be great to see any opinions on how updates are perceived. Do the benefits of having cloud based servicing for Defender for Identity provide enough advantages in today's security landscape, as opposed to waiting for updates to land on Patch Tuesday, for example? Maybe you're already a Defender for Identity customer and you went through this risk analysis before you implemented the solution; it would be great to get your viewpoint too. There are no right or wrong answers here, and I just want to see a variety of opinions on the subject. Thanks for getting involved. Will be great to see some feedback on this! Ricky

Microsoft Defender for Identity and Npcap
Hi everyone, Note that starting from MDI version 2.156, we are including the 1.0 OEM version of the Npcap executable in the Sensor deployment package file (see "What's new in Microsoft Defender for Identity" on Microsoft Docs). So all you have to do is download the new package and extract the file from the ZIP archive. The Microsoft Defender for Identity team is currently recommending that all customers deploy the Npcap driver before deploying the sensor on a domain controller or AD FS server. This will ensure that the Npcap driver will be used instead of the WinPcap driver. For more information on MDI and Npcap, please refer to our FAQ.

Status: Solved
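Two threads above touch the same piece of the sensor: the "Azure ATP sensor update and communication error" post shows a "Failed reading frame ... PacketReceivePacket failed" error followed by a Service Control Manager 7031 restart of the sensor service, and the Npcap post asks that Npcap be in place before the sensor is installed so the sensor does not end up bound to WinPcap. PacketReceivePacket is the Packet.dll read call of that capture driver, so both questions come down to the state of the capture path on the DC. The script below is an added example written for this page, not code from the posters or from the Microsoft Defender for Identity team. It is read-only and reports three things on the DC it runs on: which capture driver services exist (Npcap registers `npcap`, WinPcap registers `npf`; both names are assumptions from the two projects' installers) and the Packet.dll versions found, how many timestamped `CaptureFrames exception` errors appear in Microsoft.Tri.Sensor.log within the look-back window, and how many SCM 7031 events for the sensor service fall within two minutes after one of those errors. The install root, the log line layout (taken from the post above), the service display name in the 7031 message and the two-minute window are assumptions; adjust them to your environment.

```powershell
# Added example for this thread; not code from the original posts or from Microsoft.
# Read-only health check of the MDI / Azure ATP sensor packet-capture path on a DC.
param(
    # Assumption: default install root; each sensor version has its own Logs folder under it.
    [string]$SensorRoot = "$env:ProgramFiles\Azure Advanced Threat Protection Sensor",
    [int]$LookbackHours = 24
)

$since = (Get-Date).AddHours(-$LookbackHours)

# --- 1. Which capture driver is on the host -------------------------------------
# Assumption: Npcap registers the kernel service 'npcap', WinPcap registers 'npf'.
# If both exist, a sensor installed before Npcap may still be bound to WinPcap.
$drivers = foreach ($name in 'npcap', 'npf') {
    $svc    = Get-Service -Name $name -ErrorAction SilentlyContinue
    $status = 'missing'
    if ($svc) { $status = [string]$svc.Status }
    [pscustomobject]@{ Driver = $name; Present = [bool]$svc; Status = $status }
}

# Packet.dll is the user-mode side of the driver (PacketReceivePacket lives there).
# Npcap installs it under System32\Npcap; WinPcap (and Npcap's WinPcap-compatible
# mode) put it directly in System32.
$packetDlls = foreach ($path in "$env:SystemRoot\System32\Npcap\Packet.dll",
                                "$env:SystemRoot\System32\Packet.dll") {
    if (Test-Path -Path $path) {
        $item = Get-Item -Path $path
        [pscustomobject]@{ Path = $item.FullName; FileVersion = $item.VersionInfo.FileVersion }
    }
}

# --- 2. Capture failures in the sensor log -------------------------------------
# Line shape taken from the post:
#   2020-01-31 02:41:34.4173 Error FrameReader`1 CaptureFrames exception, exiting ...
# Only timestamped lines are parsed; the stack-trace lines that follow are skipped.
$linePattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?<level>\w+)\s+(?<src>\S+)\s+(?<msg>.*)$'
$captureFailures = @()
$logs = Get-ChildItem -Path $SensorRoot -Recurse -Filter 'Microsoft.Tri.Sensor.log' -ErrorAction SilentlyContinue
foreach ($log in $logs) {
    foreach ($line in Get-Content -Path $log.FullName -ErrorAction SilentlyContinue) {
        if ($line -match $linePattern) {
            if ($Matches.level -eq 'Error' -and $Matches.msg -like '*CaptureFrames exception*') {
                $ts = [datetime]::ParseExact($Matches.ts, 'yyyy-MM-dd HH:mm:ss.ffff',
                                             [cultureinfo]::InvariantCulture)
                if ($ts -ge $since) { $captureFailures += $ts }
            }
        }
    }
}

# --- 3. Sensor service crash/restart records (SCM event 7031) -------------------
# Assumption: the 7031 message names the service as shown in the post.
$restarts = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Azure Advanced Threat Protection Sensor*' })

# A 7031 within two minutes after a capture failure is counted as correlated,
# i.e. the capture read error took the sensor process down with it.
$correlated = @($restarts | Where-Object {
    $t = $_.TimeCreated
    $captureFailures | Where-Object { $_ -le $t -and $_ -gt $t.AddMinutes(-2) }
})

[pscustomobject]@{
    Host               = $env:COMPUTERNAME
    CaptureDrivers     = $drivers
    PacketDll          = $packetDlls
    BothDriversPresent = (@($drivers | Where-Object Present).Count -eq 2)
    CaptureFailures    = $captureFailures.Count
    LastCaptureFailure = ($captureFailures | Sort-Object -Descending | Select-Object -First 1)
    SensorRestarts7031 = $restarts.Count
    CorrelatedRestarts = $correlated.Count
} | Format-List
```

Run it in an elevated PowerShell session on each DC, for example `.\Check-SensorCapture.ps1 -LookbackHours 72` (the file name is yours to choose). `CorrelatedRestarts` greater than zero reproduces the pattern in the communication-error post above and points at the capture driver rather than at the cloud connection. `BothDriversPresent` true, or a Packet.dll only under System32, on a host whose sensor predates the Npcap guidance is the case the Npcap post is about: install Npcap first, then reinstall the sensor so it binds to it.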