Azure ATP vs ATA
There seems to be a lot of confusion around where Azure Advanced Threat Protection sits within the Microsoft Portfolio and how it compares to Advanced Threat Analytics (I was certainly confused).
Firstly, and most confusingly (is that a word?), there are THREE different ATP products:
- Windows Defender Advanced Threat Protection: Allows IT admins to view Advanced Persistent Malware in an enterprise network in a post-breach scenario (what malware is there, what it is doing/what it did, and actions to take).
- Azure Advanced Threat Protection: Allows IT admins to monitor hackers/attackers who are inside a network (not malware): what they are doing/what they did, and actions to take. Monitors Pass-the-Hash (PtH) attacks, persistence, golden tickets, etc.
- Office 365 Advanced Threat Protection: Detects and dynamically blocks malware-laden emails: what malware it is, what it did/what it tried to do, who received the email, etc.
The middle one, Azure Advanced Threat Protection, is the “new” one: a cloud version of the on-premises Advanced Threat Analytics (ATA).
It remains to be seen what will happen to ATA, but at the time of writing ATA is available to customers who are licensed for EMS E3, whereas Azure ATP is only available to customers licensed for EMS E5.
The license uplift required for a limited gain in functionality is probably enough to put most current ATA customers off migrating for now.