How to Migrate Advanced Threat Analytics (ATA) to Microsoft Defender for Identity?

Microsoft Advanced Threat Analytics (ATA) was launched in 2015 to protect organizations from identity-based attacks in on-premises environments. While it has been receiving several updates over the years, the nature and requirements of security have changed as the sophistication, frequency, and severity of cyber-attacks continue to increase. Consequently, Microsoft ended the mainstream support for the service on January 12, 2021, but will continue to provide Extended Support till January 2026. Microsoft has replaced Azure Advanced Threat Protection with Microsoft Defender for Identity for identifying, detecting and investigating advanced threats, compromised identities, and malicious insider actions. In this article, we will focus on Advanced Threat Analytics to Microsoft Defender for Identity migration.

How to Migrate from Advanced Threat Analytics to Microsoft Defender for Identity?

It is possible to switch from any version of ATA to Defender for Identity. However, it is not possible to data from Advanced Threat Analytics to Microsoft Defender for Identity. Follow the steps below to migrate Advanced Threat Analytics to Microsoft Defender for Identity.

Creating and installing Defender for Identity instance and sensors

The Defender for Identity instance can be created after the sensor and environment requirements are fulfilled.

• Launch the Defender for Identity portal and log in with an Azure Active Directory user account.
• Click on Create. On clicking the create button, an instance with the Azure AD fully qualified domain name is created in the nearest data center.
• Navigate to Configuration>Manage role groups>Azure AD Admin Center to manage the role groups.
• Uninstall the ATA Lightweight Gateway replace it with the Defender for Identity Sensor on each domain controller.

Configuring and validating Defender for Identity instance

After installing the Defender for Identity instance, the sensors will have to be configured to start seeing data. Follow the steps below to configure the sensor settings for Defender for Identity.

• Log in to Defender for Identity portal and navigate to Configuration>System>Sensors.
• Select the sensor to be configured and provide the description and domain controllers (FQDN) details.
• The domain controllers that are to be monitored by Defender for Identity standalone sensor must be listed in the Domain Controllers list, and one domain controller must be a global catalog.
• If the Defender for Identity standalone sensor is used on a dedicated server, select the network adapters that are configured as the destination mirror port. However, all network adapters that are used for communication with other computers within the organization need to be selected for Defender for Identity sensors.
• Click on Save and validate the deployment.

Apps4Rent Can Help with ATA to Microsoft Defender for Identity Migration

Migrating from Advanced Threat Analytics to Microsoft Defender for Identity requires a significant amount of planning, especially if exclusions also have to be migrated. Also, the sequence of tasks to be performed is important to ensure comprehensive protection. As Microsoft Gold Partner for Cloud Platform and Cloud Productivity competencies, Apps4Rent can help with Defender for Identity licensing, migration, and configuration, along with other managed Azure services. Call, chat, or email our Microsoft-certified cloud consultants available 24/7 for assistance.