Hi Guys, today we are working on the services in Enterprise Mobility + Security, specifically the one named Azure Advanced Threat Protection.
If you are interested in a demo, it is merely a click away at this URL:
What is Azure Advanced Threat Protection (ATP)?
It is a service that secures and protects your hybrid enterprise environment against multiple events and cyber attacks, originating both inside and outside the organization.
For more details, please click here: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp
The lab environment.
My lab environment is straightforward; the components are:
– Windows Server 2006 Standard Edition Single Domain Controller
– Azure AD Connect synchronization with my tenant in Office 365 (peterdiaz.es) under the domain peterdiazmvp.com
– The sensor is connected to Azure ATP and actively reporting health status, issues, and alerts.
How to install the sensor agent on the server?
This is the first step to reporting logs and alerts to the ATP service on Azure. Simply connect to the URL of your tenant; in my case it is https://XXXXXXX.atp.azure.com
Go to Configuration, then download and install the sensor on the server; after the installation you will need to copy and paste the code it generates.
After the installation, check the services on the Windows server.
Well, immediately the sensor detected an issue on the server: the audit policies are not enabled. This is essential, because with these audits all the security and system logs are available for any risk alert or attack.
Automatically, ATP opens a ticket for our attention.
To close and solve the risk is easy and simple: go to the Group Policy Management console on the server and edit the policy to enable the audit logs:
Computer Configuration – Windows Settings – Security Settings – Advanced Audit Policy Configuration – Audit Policies
Enable: Account Logon – Audit Credential Validation, and Account Management – Audit Security Group Management
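To confirm that the GPO change above actually took effect on the domain controller before waiting for the Azure ATP health issue to clear, here is an added check (my own example, not from the post or from Microsoft) that reads the effective audit policy with the built-in auditpol.exe; it assumes it is run in an elevated PowerShell session on the DC, and the subcategory names are the same two shown in the GPO editor.

```powershell
# Added example: verify the two Advanced Audit Policy subcategories that the
# Azure ATP sensor flagged are in effect on this domain controller.
# Run as Administrator on the DC after the GPO has been edited.
$required = @(
    'Credential Validation',      # Account Logon -> Audit Credential Validation
    'Security Group Management'   # Account Management -> Audit Security Group Management
)

# Optional: pull the latest policy first so we test the new setting, not the cached one.
# gpupdate /target:computer /force | Out-Null

$notEnabled = @()
foreach ($sub in $required) {
    # /r prints CSV with the columns:
    # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
    $row = auditpol /get /subcategory:"$sub" /r |
        Where-Object { $_ -ne '' } |
        ConvertFrom-Csv
    $setting = $row.'Inclusion Setting'
    Write-Host ("{0,-28} {1}" -f $sub, $setting)
    # 'No Auditing' means the GPO has not applied (or was not set); anything else is enabled.
    if ($setting -eq 'No Auditing') { $notEnabled += $sub }
}

if ($notEnabled.Count -eq 0) {
    Write-Host 'Both required audit subcategories are enabled; the ATP health issue should clear on the next sensor check.'
} else {
    Write-Warning ("Still not enabled: {0}. Re-check the GPO link and run gpupdate /force, then run this again." -f ($notEnabled -join ', '))
}
```

Use the same approach with the other subcategories listed in the Azure ATP health issue if the sensor reports more than these two.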