Liongard Library
Categories Microsoft 365
Created by Lamont Largie
Created on Oct 2, 2024

Microsoft 365: Defender - ATP Protection Enabled

Metric Name: Microsoft 365: Defender - ATP Protection Enabled

Category: Security

Description: This metric evaluates whether Advanced Threat Protection (ATP) is enabled within Microsoft 365 Defender. It helps ensure that advanced threat prevention and detection mechanisms are active, providing robust protection against malware and phishing attacks.

Purpose: The purpose of this metric is to verify that ATP is enabled, providing an extra layer of security in Microsoft 365 environments. It ensures that organizations are leveraging the full protection offered by Microsoft's advanced security features to mitigate sophisticated threats.

How it works:

  • The metric uses a query (SecureScores.controlScores[?controlName=='mdo_atpprotection'].on) to check the state of the ATP control within Microsoft 365's Secure Score data.

  • If ATP is enabled, the value will be "true", indicating that the organization is taking advantage of ATP’s protections.

Beneficiaries:

  • IT Administrators: Can quickly verify the security posture of Microsoft 365 instances.

  • Security Teams: Can ensure that advanced defenses like ATP are active, minimizing exposure to phishing, malware, and other threats.

  • Clients: Benefit from enhanced security, leading to fewer service disruptions and greater trust in their organization's IT systems.

Additional Notes:

  • Customization: The query can be adapted to monitor additional security features or alternative security measures by modifying the controlName parameter in the query. For example, monitoring other components of Microsoft's Secure Score could provide a more comprehensive security overview.

  • Why this is valuable: Regular monitoring of ATP ensures that any accidental or malicious changes disabling this protection are detected promptly, helping prevent potential breaches or vulnerabilities.

Query

SecureScores.controlScores[?controlName== 'mdo_atpprotection'].on
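
The following is an added example, not part of the original entry or of Liongard's own code. It mirrors the query in plain Python to show what the filter returns: in standard JMESPath a filter expression yields a list, so a control that is missing from the data produces an empty list rather than "false". The sample data is constructed, only the field names SecureScores, controlScores, controlName and on come from the query, and the example_* control names are hypothetical.

```python
# Constructed sample shaped after the fields the query references.
SAMPLE = {
    "SecureScores": {
        "controlScores": [
            {"controlName": "mdo_atpprotection", "on": "true"},
            {"controlName": "example_other_control", "on": "false"},  # hypothetical name
            {"controlName": "example_no_state"},  # hypothetical: entry with no "on" field
        ]
    }
}


def control_on(data, control_name):
    """Mirror SecureScores.controlScores[?controlName=='<name>'].on.

    Like a JMESPath filter projection, the result is a list with one value
    per matching entry; entries whose "on" is missing or null are dropped.
    """
    scores = (data.get("SecureScores") or {}).get("controlScores") or []
    return [c["on"] for c in scores
            if c.get("controlName") == control_name and c.get("on") is not None]


def control_state(data, control_name):
    """Collapse the projected list into enabled / disabled / unknown."""
    values = control_on(data, control_name)
    if not values:
        # Control absent from the data: this is not evidence that it is enabled.
        return "unknown"
    # Accept both the string "true" and a JSON boolean true.
    all_on = all(str(v).lower() == "true" for v in values)
    return "enabled" if all_on else "disabled"


if __name__ == "__main__":
    for name in ("mdo_atpprotection", "example_other_control", "example_no_state"):
        print(name, control_on(SAMPLE, name), control_state(SAMPLE, name))
```

When adapting the query to another controlName, treat an empty result as its own state so that a control missing from the Secure Score data is reviewed rather than silently passed.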