Azure Advanced Threat Protection (ATA in the cloud)

Welcome! You can use this site to give feedback directly to our engineering teams that build the security products you rely on. You can suggest features or design changes, and vote on suggestions others have made. If you would like to further engage our engineering teams, please join our Security Community by visiting https://aka.ms/SecurityCommunity.

To learn more about Azure Advanced Threat Protection, visit this blog post.

  1. Add support for Azure AD Domain Services

    I just decommissioned the Active Directory at a customer, but they would still like to have Azure ATP for the newly deployed Azure AD Domain Services :)

    Please consider this as a feature in the future

    7 votes

      4 comments  ·  I am a partner

      Please see the previous comment on this for more information. We are actively working on this although it won’t be Azure ATP’s job to get data in from Azure AD, it is Azure AD Identity Protection Center’s (AAD IPC; aka “AAD P2”) job. We are unifying portals to give you one portal for all Identity visibility/detections/hygiene/investigation experience.

    • Azure ATP Not Monitoring Password Change Failures

      Currently Azure ATP doesn't seem to monitor password change failures (in our case, as initiated from the ADFS password change page). We can see the password change failure in the ADFS logs but no corresponding log entry in Azure ATP.

      2 votes

        0 comments  ·  I am a customer
      • Add a mechanism to View Azure ATP Audit Logs (similar to ATA Center audit logs)

        Add a mechanism to allow users to view auditing logs of Azure ATP, similar to the information that shows up at ATA Center audit logs. (https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshoot-audit)

        Maybe audit logs can be shipped to a SIEM solution or Azure Log Analytics.

        1 vote

          0 comments  ·  I am an employee of Microsoft
        • Add Alerts Search feature

          Currently, ATP can search Computer, User, and Group objects.
          Additionally, we'd like to search any alerts.

          e.g.
          If a user is attacked, we want to extract the users who may be derived from the user or the users who were attacked by the target.
          It will be a useful notification.

          1 vote

            0 comments  ·  I am an employee of Microsoft
          • Integrate natively with Log Analytics

            Currently, Azure ATA doesn't integrate natively with Log Analytics the way ATA does. See https://www.yammer.com/azureadvisors/threads/1082336424

            11 votes

              0 comments  ·  I am a customer
            • Add integration with RSA SecurID RADIUS servers

              RSA SecurID is used for authentication extensively as part of MFA. Look at integrating RADIUS events from RSA servers.

              2 votes

                1 comment  ·  I am a customer
              • Expose underlying data for search, report & hunting

                It would be great if Azure ATP (and ATA) would have similar capabilities where underlying "raw" data is searchable and can be used for search, reporting & malware hunting ...

                4 votes

                  0 comments  ·  I am a partner
                • Observe Azure AD with Azure ATP

                  Please enhance Azure ATP to also monitor Azure Active Directory in addition to local Active Directory. Also monitoring Azure AD standalone via Azure ATP may be interesting.

                  3 votes

                    0 comments  ·  I am a partner
                  • Change the product's name

                    The product's current name ("Azure Advanced Threat Protection") is confusing, because it doesn't make it clear that it's the cloud version of Advanced Threat Analytics. The name should be changed to "Advanced Threat Analytics in the Cloud" or something that similarly makes it more obvious that it's the cloud version of ATA.

                    11 votes

                      1 comment  ·  I am a customer
                    • Support comments on alerts

                      I'd like to be able to add comments to an alert to explain to team members why it was closed/suppressed/excluded, or just to discuss the alert. Bonus points for supporting @ mentions!

                      1 vote

                        0 comments  ·  I am a customer
                      • ERSPAN should be supported soon

                        Port mirroring would be our preferred solution instead of installing an additional agent (which may force performance leaks) on Domain Controllers. As ERSPAN is not supported yet, the agent installation is the only way to use ATA / ATP within a larger environment.

                        2 votes

                          0 comments  ·  I am a customer
                        • Combine Azure estate telemetry to further enhance ATP capability

                          Combine the telemetry of ATA/Azure ATP with other data from AAD, Intune, and Windows 10 to provide mapping capabilities of users and device, with historical tracking as the user activity changes across devices, applications, group membership etc.

                          3 votes

                            0 comments  ·  I am a partner