Applies to: Advanced Threat Analytics version 1.9

Install ATA - Step 1

This installation procedure provides instructions for performing a fresh installation of ATA 1.9. For information on updating an existing ATA deployment from an earlier version, see the ATA migration guide for version 1.9.


If using Windows 2012 R2, you can install KB2934520 on the ATA Center server and on the ATA Gateway servers before beginning installation, otherwise the ATA installation installs this update and requires a restart in the middle of the ATA installation.

Step 1. Download and Install the ATA Center

After you have verified that the server meets the requirements, you can proceed with the installation of the ATA Center.


If you acquired a license for Enterprise Mobility + Security (EMS) directly via the Office 365 portal or through the Cloud Solution Partner (CSP) licensing model and you do not have access to ATA through the Microsoft Volume Licensing Center (VLSC), contact Microsoft Customer Support to obtain the process to activate Advanced Threat Analytics (ATA).

Perform the following steps on the ATA Center server.

  1. Download ATA from the Microsoft Volume Licensing Service Center or from the TechNet Evaluation Center or from MSDN.

  2. Log in to the computer on to which you are installing the ATA Center as a user who is a member of the local administrators group.

  3. Run Microsoft ATA Center Setup.EXE and follow the setup wizard.


Make sure to run the installation file from a local drive and not from a mounted ISO file to avoid issues in case a reboot is required as part of the installation.

  1. If Microsoft .Net Framework is not installed, you are prompted to install it when you start installation. You may be prompted to reboot after .NET Framework installation.
  2. On the Welcome page, select the language to be used for the ATA installation screens and click Next.

  3. Read the Microsoft Software License Terms and if you accept the terms, click the check box, and then click Next.

  4. It is recommended that you set ATA to update automatically. If Windows isn't set to do this on your computer, you get the Use Microsoft Update to help keep your computer secure and up to date screen. Keep ATA up to date image

  5. Select Use Microsoft Update when I check for updates (recommended). This adjusts the Windows settings to enable updates for other Microsoft products (including ATA), as seen here.

    Windows auto-update image

  6. On the Configure the Center page, enter the following information based on your environment:

    Field Description Comments
    Installation Path This is the location where the ATA Center is installed. By default this is %programfiles%\Microsoft Advanced Threat Analytics\Center Leave the default value
    Database Data Path This is the location where the MongoDB database files are located. By default this is %programfiles%\Microsoft Advanced Threat Analytics\Center\MongoDB\bin\data Change the location to a place where you have room to grow based on your sizing. Note:
    • In production environments, you should use a drive that has enough space based on capacity planning.
    • For large deployments the database should be on a separate physical disk.
    See ATA capacity planning for sizing information.
    Center Service SSL Certificate This is the certificate that is used by the ATA Console and ATA Center service. Click the key icon to select a certificate installed or check self-signed certificate when deploying in a lab environment. You have the option to create a self-signed certificate.

    ATA center configuration image

  7. Click Install to install the ATA Center and its components. The following components are installed and configured during the installation of ATA Center:

    • ATA Center service

    • MongoDB

    • Custom Performance Monitor data collection set

    • Self-signed certificates (if selected during the installation)

  8. When the installation completes, click Launch to open the ATA Console and complete setup on the Configuration page. At this point, you will be brought automatically to the General settings page to continue the configuration and the deployment of the ATA Gateways. Because you are logging into the site using an IP address, you receive a warning related to the certificate, this is normal and you should click Continue to this website.

Validate installation

  1. Check to see that the service named Microsoft Advanced Threat Analytics Center is running.
  2. On the desktop, click the Microsoft Advanced Threat Analytics shortcut to connect to the ATA Console. Log in with the same user credentials that you used to install the ATA Center.

Set anti-virus exclusions

After installing the ATA Center you should exclude the MongoDB database directory from being continuously scanned by your anti-virus application. The default location in the database is: C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin\data.

See Also