Microsoft 365 Security Administration: MS-500 Exam Guide

Setting up an Azure ATP instance

In order to set up Azure ATP for the first time, you must first ensure that you have the required licenses. Azure ATP requires an Enterprise Mobility + Security E5 or Microsoft 365 E5 license in order to function. Azure ATP data centers are set up in the following locations:

  • Europe
  • North America/Central America
  • The Caribbean and Asia

Your Azure ATP instance will be automatically provisioned in the data center that is geographically closest to your Azure AD tenant. To begin setting up Azure ATP, log in to the Azure ATP portal, which can be accessed at https://portal.atp.azure.com, as a global administrator (or with the appropriate Role-Based Access Control (RBAC)) and complete the following steps:

  1. Check to ensure that the domain controller or server can connect to the Azure ATP cloud service endpoints for the appropriate regions. These are as follows:

    https://triprd1wceuw1sensorapi.atp.azure.com (for Europe)

    https://triprd1wcuse1sensorapi.atp.azure.com (for the US)

    https://triprd1wcasse1sensorapi.atp.azure.com (for Asia)

  2. Click Create, as in the following screenshot:

    Figure 6.2 – The Azure ATP welcome screen

  3. Next, select the Provide a username and password option to connect to your on-premises AD forest, as follows:

    Figure 6.3 – Providing a username and password

  4. Enter the administrative credentials for AD into the Directory Services dialogue box, as shown:

    Figure 6.4 – Entering the on-premises credentials

  5. Once you have entered your credentials, click Save.
  6. Now, we need to download and install the sensor setup to your first domain controller. Click Download Sensor Setup, as in the following screenshot:

    Figure 6.5 – Downloading the sensor setup

  7. Click Download and save the ZIP file to a location where you will be able to access it to install the sensor to your domain controller. You will also need to copy your access key as this will also be required during setup:

    Important note

    Should you ever need to regenerate your access key, as in the following screenshot, you can do so without affecting the previous Azure ATP sensor installations.

    Figure 6.6 – Sensors

  8. Next, from your domain controller or dedicated server, extract the installation files from the ZIP file that you saved in Step 6, then run the Azure ATP sensor setup.exe to start the installation wizard. You will see the following:

    Figure 6.7 – Choosing the language

  9. Select your chosen language and click Next. This will take you to the following screen. The wizard will detect whether you are installing the sensor to a domain controller or a dedicated server. Click Next again:

    Figure 6.8 – Sensor deployment type

    Choose the installation path, as in the following screenshot. The wizard will alert you, at this point, if any of the prerequisites for installing the sensor are not met, such as insufficient disk space:

    Figure 6.9 – Configuring the sensor

  10. Click Install and the installation will start, as follows:

    Figure 6.10 – Installation progress

  11. When the installation is complete, you will see the following message. Click Finish to complete the setup wizard:

    Figure 6.11 – Installation is complete

  12. Once the wizard has completed, you can click on Sensors from the Configuration menu of the Azure ATP portal and you will see the first installed sensor, as in the following screenshot:

Figure 6.12 – Sensors

The preceding steps complete the initial setup of your Azure ATP instance. Should you need more sensors, you can repeat the preceding steps to do so.
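
A connectivity check for step 1, as an added PowerShell example (not from the book and not Microsoft tooling): run on the domain controller or dedicated server, it tests DNS resolution, outbound TCP and a TLS 1.2 handshake against each sensor API endpoint listed in that step. The function name Test-SensorEndpoint, the region labels and port 443 (implied by the https:// URLs) are assumptions of this example.

```powershell
# Added example. Host names are those listed in step 1; region labels are this script's own.
$endpoints = [ordered]@{
    'Europe' = 'triprd1wceuw1sensorapi.atp.azure.com'
    'US'     = 'triprd1wcuse1sensorapi.atp.azure.com'
    'Asia'   = 'triprd1wcasse1sensorapi.atp.azure.com'
}

function Test-SensorEndpoint {
    param(
        [Parameter(Mandatory)][string]$Region,
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443   # assumption: HTTPS default port
    )
    $r = [ordered]@{ Region = $Region; Host = $HostName; Dns = $false
                     Tcp = $false; Tls = $false; Issuer = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        # 1. Name resolution, using the server's own DNS settings.
        $null = Resolve-DnsName -Name $HostName -ErrorAction Stop
        $r.Dns = $true
        # 2. Outbound TCP to the HTTPS port.
        $client.Connect($HostName, $Port)
        $r.Tcp = $true
        # 3. TLS 1.2 handshake with default certificate validation;
        #    AuthenticateAsClient throws if the chain or host name does not validate.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $r.Tls = $true
        # Reported so that an unexpected issuing CA on the path is visible.
        $r.Issuer = $ssl.RemoteCertificate.Issuer
    } catch {
        $r.Error = $_.Exception.Message   # the first failing stage stops the check
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$r
}

$endpoints.GetEnumerator() | ForEach-Object {
    Test-SensorEndpoint -Region $_.Key -HostName $_.Value
} | Format-Table -AutoSize
```

The script tests the direct network path only and does not go through any configured web proxy. Only the row for the region hosting your instance needs to pass all three stages.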

Important note

It is possible to install a sensor onto both a domain controller and a dedicated server. When you deploy a sensor to a domain controller, it is installed as an Azure ATP sensor. However, when you deploy a sensor to a dedicated server and use port mirroring, it is installed as an Azure ATP standalone sensor.

Additional configuration options

By logging into the Azure ATP portal at https://portal.atp.azure.com and choosing the Configuration tab in the left menu, you can see all of the configuration options available to you within Azure ATP, as shown:

Figure 6.13 – The configuration options

The Configuration section is divided into the following sub-sections:

  • System
  • Data Sources
  • Detection
  • Notifications and Reports
  • Preview
  • Admin

    Important note

    Depending on your organizational requirements for Azure ATP, you may not need to configure all of the features within the preceding sub-sections. However, it is recommended that you familiarize yourself with all of the available options as you may be tested on these in the MS-500 exam.

So, we have now configured our Azure ATP instance and deployed the first Azure ATP sensor to a domain controller. Now that we have Azure ATP up and running in a basic form, we will look at how you can manage your Azure ATP instance and carry out monitoring and reporting tasks.