Creating your Azure ATP instance is easy if you know what you're doing. After watching this video, you will know the right way to create your Azure ATP instance on your first attempt.
- [Instructor] When you're preparing to create your Azure Advanced Threat Protection instance, you do want to check out a couple of prerequisites to make sure you're ready to get started. The first of which is to verify your domain controllers have internet connectivity; after all, Azure ATP is a cloud hosted service. You do want to make sure that your internet connection has adequate bandwidth, that you have some spare capacity there to handle the event boarding that's going to happen as a result of deploying sensors to your domain controllers. You'll need an on-premises username and password that has read access to all the objects in your monitored domain. Optionally, you can create a user account that has no network activities. This is going to be configured as an Azure ATP honeytoken user, so the best practice here is to just create an account that is not used in any way, shape, or form. That way, when you see activity against that account of any sort, you know the potential for breach is high. Currently, Azure ATP data centers are deployed in Europe, North America, Central America, Caribbean, and Asia. Your instance is going to be automatically created in the data center that's geographically closest to your Azure Active Directory instance. Now, once that instance is created, your Azure ATP instance can't be moved. Now, optionally, when you deploy your standalone sensor, you'll want to forward a few additional Windows events. The IDs are on the screen here and in the instructions when you set up Azure ATP, and this is going to further enhance Azure ATP's ability to detect a number of common attacks like pass the hash, brute force, modifications to sensitive groups, or honeytoken detection. It's up to you; these can come from your security event information management system or just simply event forwarding from your domain controllers. Now, after we've verified you have the prerequisites out of the way, we're ready to start the creation of your Azure ATP instance.
And what you're going to find with Azure ATP is that the process looks a lot like Advanced Threat Analytics, the ATA process, except that we don't need to deploy our own server; remember, it's a cloud hosted service. So to get that process started, I'll go to portal.atp.azure.com. That's going to drop me right into the Azure Advanced Threat Protection instance wizard, and I'll start that process. So once I go ahead and hit the Go button for that instance, it's going to immediately ask me to provide a username and password to connect into my Active Directory forest. So once I provide that information and I hit Add Credentials, I'm ready to download my first sensor and get that installed on my domain controller. And that's really the process. Again, if you love Advanced Threat Analytics, but you don't want to bother with that on-premises ATA server, Azure ATP is a great option.
- Configuring virtual-based security
- Securing email
- Implementing post-breach defense
- Protecting the cloud with Azure AD
- Using Windows Defender ATP
- Managing privileged access in Azure