Hola a todos, el motivo de este post es para decir un “hasta luego” y dar muchas gracias por todos estos años en el programa de Microsoft MVP.

Durante estos 7 años maravillosos he podido conocer gente espectacular tanto en lo profesional como en lo personal.

Quiero agradecer principalmente a Cristina Herrero, Sara Linares, Ester De Nicolás, Paulo Dias, Jose Bonin, Oscar Mozo, Chema Alonso (El Maligno), ToniRecio (Second Nud mi primer webcast fue con ellos) y Fernando Guillot que confiaron en mi apenas llegar a España por allá en el año 2010.

También a todos aquellos compañeros de guerra y que actualmente son mis amigos y referentes en el mundo tecnológico como: Elias Mereb, Rodrigo Diaz Concha, Jorge Lozano, el maestro Yeray, Antonio Gilabert, Adrian Diaz, Juan Carlos Gonzalez, Rafa Ansino (The Fat Runner), Santiago Porras, Dani Alonso, David Nudelman, Samuel Lopez (mi compinche), Miguel Hernandez, Pedro Delgado, David Rivera, Juan Ignacio Oller, Luis Fraile, Lluis Franco, Juan Diaz Antuna, Angel Alvarez (Seguridad a lo Jabali), Pilar Palel, Julian Peris, El Pani The Boss, Miguel Tabera y Alberto Pascual.

Muchas gracias también a todas las comunidades técnicas por la oportunidad de participar en innumerables eventos y charlas técnicas pero en especial a la mía La Comunidad Office 365.

Pido disculpas si me dejo alguna persona en el camino pero son tantas personas que no quiero hacer tan larga esta lista.

Seguiré apoyando y compartiendo mis conocimientos y seguro que nos seguiremos viendo por allí.

Un abrazo.

Peter Frank.

Hi Guys, today we are working on the services in the Enterprise Mobility + Security, under the name Azure Advanced Threat Protection.
If you interested in a demo is merely a click in this URL:
https://www.microsoft.com/es-es/cloud-platform/enterprise-mobility-security-pricing

Who is Azure Advanced Threat Protection (ATP)?

It is a service to secure and protect your hybrid enterprise environments for multiple events and cyber attacks, inside and outside in the organizations.

For more details, please click here: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp

The lab environment.

My lab environment is straightforward the components are:
– Windows Server 2006 Standard Edition Single Domain Controller

– Azure AD Connect synchronization with my tenant in Office 365 (peterdiaz.es) under the domain peterdiazmvp.com

– The sensor is connecting with Azure ATP in active reporting health status, issues, and alerts.

How to install the agent sensor in the server?

It is the first step to reporting logs and alert for the ATP services on Azure, simple how to connect in the URL where do you have the tenant in my case is https://XXXXXXX.atp.azure.com
Go to configuration and download and install the sensor in the server, after the installation you will need copy and paste the code generates.

After the installation will check the services on the windows server.

Well, immediately the sensor detected an issue in the server, the audits policies are not enabled, it is essential because with this audits all the security and systems logs will up for any alert risk or attack.

Automatically the ATP open a ticket for our attention.

To close and solver the risk is easy and simple, go to group policy management console in the server and edit the policy to enabling the audits logs:

Computer Configuration – Windows Settings –Security Settings – Advanced Audit Policy Configuration – Audit Policies

Enable: Account Logon – Audit Credential Validation  and Account Management – Audit Security Group Management

Cheers.

Peter Frank

MVP-MCT-MCSE