Hi @m_nicholls 

 

Your directory service account will need read access to all objects in the monitored domains.  

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step2#prerequisites

 

Yes, one account will work with: exampledomain.com & child.exampledomain.com

 

If you also have a multi-forest environment with a two-way trust, you still only need one account. 

 

Additional credentials are only required for each forest with non-Kerberos trust or no trust.  

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-multi-forest

 

 
