Azure ATP (Microsoft Defender for Identity), is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
You can enter the Azure ATP portal either by logging in to the portal https://portal.atp.azure.com and selecting your instance, or browsing to the instance URL: https://<instancename>.atp.azure.com, such as https://51sec.atp.azure.com
Azure Advanced Threat Protection enables you to integrate Azure ATP with Microsoft Defender ATP, for an even more complete threat protection solution. While Azure ATP monitors the traffic on your domain controllers, Microsoft Defender ATP monitors your endpoints, together providing a single interface from which you can protect your environment.
After logged in, there are a couple of steps to follow to get your instance up and running. You will need to activate your ATP with a sensor installation.
1 Click Sensors menu on the left side
2 Download Azure ATP Sensor setup file, either on Domain controller or one of domain member servers. If it is not on Domain controller, you will need to set up mirroring traffic from DC to your member server.
3 Double click exe file to start installation.
4 Since we are not installing it on DC, the option we have is standalone server. It requires configuration of port-mirroring from the domain controllers to receive network traffic.
5 Enter the access key to link the standalone sensor installation to your Azure ATP instance.
6 Once installation completed, there are two services showing in the Services MMC.
7 Configure your sensor.
8 Modify and change your configuration of sensor, making sure it can reach out to your DC.
