Ask yourself:

  • Although your users are synched, can someone compromise one of them to go after a more privileged one or access confidential resources internally?
  • Is there internal user behavior that i wish to monitor?
  • Do i want to augment what Azure AD identity protection finds, or WDATP, or MCAS etc.
  • Do i have VPN Servers that i need to monitor for abnormal user access
  • should my on-premise identity infrastructure can be used against me

If you answered yes to any, than you probably need Azure ATP...



We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE