Try Azure ATP – (Must be part of EMS E5). Trial valid for 90 days.
Azure ATP Frequently Asked Questions (FAQ) – This article lists frequently asked questions about Azure ATP and provides insight and answers.
Best Practice & Recommendations
Azure ATP readiness guide – This article provides a readiness roadmap with a list of resources that assist you in getting started with Azure Advanced Threat Protection.
Azure ATP Prerequisites – This article describes the requirements for a successful deployment of Azure ATP in your environment.
Deployment and Configuration
Special Use Cases
Configure the proxy – Allows the Azure ATP sensor to report diagnostic data and communicate with Azure ATP when a computer is usually not permitted to connect to the internet.
Configure Windows Event Forwarding – Events can be forwarded in case the Azure ATP sensor is not deployed on the endpoint.
10-2-2018 – How Azure Advanced Threat Protection detects the DCShadow attack – The DCShadow attack, discovered by Vincent LE TOUX and Benjamin Delpy, was presented at Microsoft BlueHat-IL in January. After the release of Azure Advanced Threat Protection (Azure ATP), and as part of our ongoing research for developing new detections, we were able to deploy this detection to the Azure ATP sensor.