Update 7/25/2016: Updated to reflect some of the new sizing information on the Technet Gallery page. Update 4/10/2017: Link to updated tool with automatic sizing recommendation and noting David Bernstein & Benny Lakunishok as the authors. A few weeks ago, Microsoft released a new tool to help with sizing Advanced Threat Analytics (ATA) deployments. For […]


Yesterday, Microsoft announced the first Update for ATA that is rolling through Windows Update. You can find the KB details here. Symptoms: After you run Microsoft Advanced Threat Analytics (ATA) v1.6 for several weeks, the ATA console may display many unexpected suspicious activities of type “Suspicion of identity theft based on abnormal behavior”. If notification […]


Last week, Microsoft announced the latest update to Advanced Threat Analytics (ATA) to version 1.6. This adds some notable enhancements, such as: New detections such as Pass-The-Hash and Bruteforce based on unusual protocol behavior; Elevation of privileges; Reconnaissance via Net Session enumeration; Compromised credentials via malicious DPAPI Request; Compromised credentials via malicious Replication Requests; New […]


So while patching our ATA Center and ATA Gateway server, we found that after a reboot, the ATA services weren’t coming back up on our Center box. It seemed that the services were cycling: the Microsoft Advanced Threat Analytics Center and Microsoft Advanced Threat Analytics Gateway services kept trying to start and failed. Looking in […]


If you’re currently an Azure AD Premium or Enterprise Mobility Suite (EMS) customer, you may know that you have access to a GREAT cloud-based password reset tool from Microsoft. Recently, Microsoft has changed this experience and we’ll walk through the options, especially the new ability to unlock an account. Please note that password writeback is […]


Just yesterday, Microsoft announced the release of Advanced Threat Analytics (ATA) 1.5 here. Prior to this, the previously Microsoft-branded release was version 1.4. With this release comes some new and improved capabilities, such as: Faster detection times. Improved support for small lab and PoC environments. Enhanced automatic algorithm for NAT (network address translation) devices. Enhanced […]


Microsoft announced yesterday that its new Advanced Threat Analytics (ATA), which will be part of the Enterprise Mobility (EMS) suite, will be launched in August. ATA was previously Aorato, which Microsoft purchased late last year. ATA provides the following simplified architecture and has 2 major components: ATA Center: Manages ATA Gateway configuration settings; Receives […]
