Logically, solutions other the Azure ATP might require that GPO, hence, your LOB apps might break if another app enables it so we suggest that you identity and add all required accounts into that policy to avoid "breaking" things. This does take some effort but the lateral movement paths feature is a very important feature for Azure ATP (and about to get even bigger, stay tuned!)


Hope this helps



We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE