Security analysis with Microsoft Advanced Threat Analytics

Under the Radar

Finding the Correct License

ATA is licensed via the Enterprise Client Access License (CAL) Suite, Enterprise Mobility Suite (EMS), or Enterprise Cloud Suite (ECS). Enterprises will need to contact their Microsoft partner who is best able to plan the licensing details. Basically, you can license ATA by user or by installed device. The price is around $60 per device or $80 per user. However, you only need to license the devices that users access with Active Directory login information.

The number thus mainly depends on two factors: the number of domain controllers on your network, and the number of Active Directory users and computers on the network that the DC needs to authenticate. Although ATA monitors the network for attacks on disabled user accounts, you do not need to license those accounts. If you connect ATA with a SIEM, you do not need a special license for that link.

Enterprises that use the Enterprise Client Access License (ECAL) suite have been able to use ATA free of charge since August 2015. All licenses for ATA are included in the ECAL. Companies that deploy the Enterprise Mobility Suite (EMS) or Enterprise Cloud Suite (ECS) can also use ATA free of charge. However, if you do not have a license for all users of devices with ECAL, EMS, or ECS, you need to purchase ATA CALs for the missing users.

Uninstalling the ATA Center and the ATA gateways is just as easy as installing. If you decide to stop using the solution, simply call the installed program management on the servers involved and uninstall the gateway or Center there – depending on what you want to remove. Afterward, it is a good idea to reboot the remaining servers in the ATA infrastructure so they can parse the new configuration files.


Microsoft Advanced Threat Analytics is an easy-to-use tool that helps you monitor your network security. If you have BYOD-style users with smartphones, tablets, home computers, or multiple workstations spread over various branches, using ATA makes sense.

You do not need a trained security expert to deploy ATA; you simply set up the ATA Center and a gateway. The software immediately starts monitoring and informs you of any suspicious activity. Admins who want to keep their networks as secure as possible but do not have the budget or time for complex security audits would do well to try ATA.

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for more than 20 years. Additionally, he writes hands-on books and papers on Windows and other Microsoft topics. Online, you can meet him at

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Targeted attacks on companies
    Watering hole and spear phishing targeted attacks offer the greatest rewards to cybercriminals. Here's how to protect your company from these types of attacks.
  • Managing networks in Windows Server vNext
    We look at a new component in Windows Server vNext – the Network Controller server role.
  • Software-defined networking with Windows Server 2016
    Windows Server 2016 takes a big step toward software-defined networking, with the Network Controller server role handling the centralized management, monitoring, and configuration of network devices and virtual networks. This service can also be controlled with PowerShell and is particularly interesting for Hyper-V infrastructures.
  • New versions of the Endian and Sophos UTM solutions
    UTM systems combat all kinds of dangers under the policy of Unified Threat Management. The demands and expectations of customers fuel competition. Two of the most popular manufacturers – Endian and Sophos – have now released new versions of their solutions.
  • Cyber security for the weakest link
    The balance between IT threats and IT security is woefully unbalanced in a Windows environment, requiring the enforcement of company-wide security standards.
comments powered by Disqus