Enterprise Mobility + Security


Introducing Azure Advanced Threat Protection

Recent years have witnessed a distinct and consistent escalation in cyberattacks’ scope, scale, and sophistication, impacting organizations across all verticals and locations. This escalation is manifested not only in increasing proliferation of threat-actor groups, but also in the diversity of the utilized attack Tools, Techniques, and Procedures (TTPs), ranging from zero-day exploits to weaponized...


Active Directory Access Control List – Attacks and Defense

Recently there has been a lot of attention and a few different blog posts (references at the end of the post) regarding the use of Discretionary Access Control Lists (DACLs) for privilege escalation in a Domain environment. This potential attack vector involves the creation of an escalation path based on AD object permissions (DACLs). For...


How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 6

The General Data Protection Regulation (GDPR) strengthens the right of individuals in the European Union (EU) to control their personal data and requires organizations to bolster their privacy and data protection measures. Enterprise Mobility + Security (EMS) technologies may help you meet these new requirements. In the whitepaper “Beginning Your GDPR Journey,” we introduced five...


Introducing Microsoft Advanced Threat Analytics v1.8!

We are pleased to announce the general availability of Microsoft Advanced Threat Analytics (ATA) v1.8. This is a key release for our customers with several new features and improvements. Cyberattacks continue to get more sophisticated, and so in turn, we must continue to tune our products and detections. As a leading solution in the user...


Automate Advanced Threat Analytics Lightweight Gateway deployment with PowerShell

Guest post by Cathy Smith, Senior Consultant, Cybersecurity Group. This blog discusses an open-source project that Cathy leads that automates ATA Lightweight deployment with PowerShell. We are happy to share this project and encourage the ATA ecosystem to contribute here! Advanced Threat Analytics (ATA) Version 1.6 introduced a new deployment option, the ATA Lightweight Gateway,...


How to simulate and detect attacks with the Advanced Threat Analytics Playbook

One of the biggest pieces of feedback the Advanced Threat Analytics (ATA) team has received is a request for a clear, easy way to simulate attacks and see how ATA detects them. So that’s exactly what we did. We’ve written a playbook that contains: A step-by-step guide to simulating different techniques used in real-world advanced attack...


Ransomware lateral movement, and how Microsoft Advanced Threat Analytics can help

This post is authored by Arbel Zinger, Program Manager, Advanced Threat Analytics Product Team. Companies across the globe were affected by an increased amount of ransomware attacks that caused an estimated damage of $1 billion. Ransomware attacks are becoming more powerful and crafty to force victims to pay their ransoms. Ransomware is now looking for...

Introducing Microsoft Advanced Threat Analytics for your Datacenter

This post was authored by Michael Dubinsky, Senior Program Manager, Microsoft Advanced Threat Analytics. On today’s episode of Microsoft Mechanics we take a look at how Microsoft Advanced Threat Analytics (ATA) detects advanced attacks and insider threats in your environment. My name is Michael Dubinsky, and I lead the product team for Microsoft ATA. In...

Understanding ATA Suspicious Activity Alerts

Advanced Threat Analytics (ATA) detects a variety of suspicious activities (SA) in different phases of the attack-kill-chain. The information appears in the ATA console in a clear and efficient social network-type timeline that helps the security admin filter out noise to identify actual suspicious activities. ATA only raises alerts once it has aggregated suspicious activities...
