Hey everyone, good evening, and I hope you're all having a nice day. Just another topic about Azure ATP here, a.k.a. Microsoft Defender for Identity.
If you have come across Azure ATP before, you already know what it is for. If you are new here, let's have a brief explanation of what it is about. Azure ATP is basically a cloud service that uses sensors installed on your on-premises domain controllers to identify, detect and monitor the activities and behaviors of the user objects in your domain.
A newly deployed Azure ATP instance takes around 48 to 72 hours to learn the normal behavior of each account, but this also depends on how many objects you have in your environment; the larger the directory, the longer the learning period.
Anyway, that was a bit of a side track. The objective of this blog post is to help you if you ever encounter alerts from any of the five attack phases that Azure ATP reports on: reconnaissance, compromised credentials, lateral movement, domain dominance and exfiltration.
You may refer to this link here to learn how to understand, manage and remediate those alerts.