
Azure Advanced Threat Protection

Azure Advanced Threat Protection is a security solution that helps to detect and investigate advanced attacks and insider threats across on-premises, cloud, and hybrid environments, stopping attackers from gaining access to your system. Azure ATP takes information from multiple data sources, such as logs and events in your network, to learn the behavior of users and other entities in the organization and build a behavioral profile of each.

What Does Azure ATP Do?

Azure ATP technology detects multiple suspicious activities, focusing on several phases of the cyber-attack kill chain including:


Lateral movement cycle, during which an attacker invests time and effort in expanding their foothold inside your network.


Reconnaissance, during which attackers gather information on how the environment is built, what the different assets are, and which entities exist. They are generally building their plan for the next phases of the attack.


Domain dominance (persistence), during which an attacker captures the information allowing them to resume their campaign using various sets of entry points, credentials, and techniques.


The Top Four Benefits of Azure ATP:

  1. Azure ATP helps you to identify and track any malicious activities in your environment, including Pass-the-Ticket, Pass-the-Hash, horizontal or vertical brute force attacks, DNS reconnaissance, unusual protocols, malicious service creation, and others.

  2. Azure ATP protects your organization from both known and unknown attack vectors before they cause damage to your organization.

  3. Azure ATP focuses on several phases of the cyber-attack kill chain, including reconnaissance, lateral movement cycle, and domain dominance, and detects advanced attacks and insider threats before they can cause damage to your organization.

  4. Azure ATP allows you to install decoy accounts that are set up for the sole purpose of identifying and tracking malicious activity within your network.
