Enable Azure ATP (Microsoft Defender for Identity) and Install ATP Sensor

Enable Azure ATP (Microsoft Defender for Identity) and Install ATP Sensor
Azure ATP (Microsoft Defender for Identity),   is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.


You can enter the Azure ATP portal either by logging in to the portal https://portal.atp.azure.com and selecting your instance, or browsing to the instance URL: https://<instancename>.atp.azure.com, such as https://51sec.atp.azure.com




After logged in, there are a couple of steps to follow to get your instance up and running. You will need to activate your ATP with a sensor installation.

1  Click Sensors menu on the left side

2  Download Azure ATP Sensor setup file, either on Domain controller or one of domain member servers. If it is not on Domain controller, you will need to set up mirroring traffic from DC to your member server. 

3  Double click exe file to start installation. 

4  Since we are not installing it on DC, the option we have is standalone server. It requires configuration of port-mirroring from the domain controllers to receive network traffic. 

5  Enter the access key to link the standalone sensor installation to your Azure ATP instance. 

6  Once installation completed, there are two services showing in the Services MMC. 

7  Configure your sensor.

8  Modify and change your configuration of sensor, making sure it can reach out to your DC.

via Blogger https://ift.tt/31mHhFo
October 19, 2020 at 02:20PM Cloud