It’s worth mentioning that big companies have separate teams for security management and identity administration. If you go with the Azure ATP sensor option, then the identity management team needs to deploy the sensor and troubleshoot it if the service stops, as the security team doesn’t have domain admin rights to perform such operations on the domain controllers. In my case, I want the security team to manage the entire deployment and maintenance of the ATP solution, so I opt to give them admin rights on the Azure ATP standalone sensor server and go with option 2 of the Azure Advanced Threat Protection deployment options.

Why do you need a dedicated Azure ATP standalone sensor server per DC? Why not deploy one Azure ATP standalone sensor for both domain controllers if you have two DCs in this site? Let us analyze the picture below and examine the situation. In this datacenter we have two domain controllers and a VMware cluster with four hosts.
Now, if DC1, DC2 and the Azure standalone sensor server are all hosted on VMware Host 1, you can configure port mirroring so that traffic coming from DC1 and DC2 is sent to the Azure standalone sensor server. But if DC2, for example, is moved to VMware Host 2, you cannot configure port mirroring so that DC2 sends its traffic to the sensor server located on a different VMware host.

CISSP, CISM, Microsoft MVP, Book Author, International Speaker, Pluralsight Author. Ammar has been working in information technology for over 15 years. Ammar is a cloud architect focusing on the Azure platform, Microsoft 365, and cloud security. As a Microsoft MVP, tech community founder, and international speaker, Ammar has helped big businesses digitally transform, migrate workloads to the cloud, and implement threat protection and security solutions across the globe.
Ammar shares his knowledge on his professional blog and often speaks at local community events and international conferences like Microsoft Ignite and SharePoint Saturday. His passion for technology and cloud computing makes him a reference for both cloud architecture and security best practices.
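
The port-mirroring constraint described in the article can be checked against a VM inventory. The sketch below is an added example, not code from the article or from Microsoft. It assumes, as the article states, that a sensor only receives mirrored traffic from a DC on the same VMware host; the VM and host names are constructed.

```python
# Added example. Assumption taken from the article: a standalone sensor only
# receives mirrored traffic from a domain controller on the same VMware host.

def uncovered_dcs(placement, mirror_map):
    """DCs whose mirror-destination sensor is missing or on another host.

    placement:  VM name -> VMware host it currently runs on
    mirror_map: DC name -> sensor VM that receives its mirrored traffic
    """
    gaps = []
    for dc, sensor in mirror_map.items():
        dc_host, sensor_host = placement.get(dc), placement.get(sensor)
        if dc_host is None or sensor_host is None or dc_host != sensor_host:
            gaps.append(dc)
    return sorted(gaps)

def unsatisfiable_sensors(placement, mirror_map):
    """Sensors whose DCs run on more than one host.

    No placement of such a sensor can cover all of its DCs, so the gap
    cannot be closed by moving the sensor alone.
    """
    hosts_per_sensor = {}
    for dc, sensor in mirror_map.items():
        hosts_per_sensor.setdefault(sensor, set()).add(placement.get(dc))
    return sorted(s for s, hosts in hosts_per_sensor.items() if len(hosts) > 1)

def migrate(placement, moves):
    """Return a new placement after moving VMs (moves: VM name -> target host)."""
    unknown = sorted(set(moves) - set(placement))
    if unknown:
        raise KeyError(f"unknown VMs: {unknown}")
    return {**placement, **moves}

# Constructed inventory for the article's scenario (names are hypothetical).
SHARED = {"DC1": "SENSOR1", "DC2": "SENSOR1"}      # one sensor for both DCs
DEDICATED = {"DC1": "SENSOR1", "DC2": "SENSOR2"}   # one sensor per DC
START = {"DC1": "Host1", "DC2": "Host1", "SENSOR1": "Host1", "SENSOR2": "Host1"}

if __name__ == "__main__":
    moved = migrate(START, {"DC2": "Host2"})        # DC2 leaves Host 1
    print("shared, DC2 moved:", uncovered_dcs(moved, SHARED),
          "unfixable:", unsatisfiable_sensors(moved, SHARED))
    fixed = migrate(moved, {"SENSOR2": "Host2"})    # its own sensor follows it
    print("dedicated, sensor follows:", uncovered_dcs(fixed, DEDICATED))
```

With a shared sensor, moving it after DC2 only shifts the monitoring gap to DC1; with one sensor per DC, each DC and its sensor can be kept together on whichever host they run on.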