Applies to: Azure Advanced Threat Protection

Install Azure ATP - Step 4

Step 4. Install the Azure ATP sensor


Make sure Microsoft .Net Framework 4.7 is installed on the machine. If .Net Framework 4.7 is not installed, the Azure ATP sensor setup package installs it, which may require a reboot of the server.

Perform the following steps on the domain controller.

  1. Verify the machine has connectivity to the relevant Azure ATP cloud service endpoint(s):

  2. Extract the installation files from the zip file.


    Installing directly from the zip file fails.

  3. Run Azure ATP sensor setup.exe and follow the setup wizard.

  4. On the Welcome page, select your language and click Next.

    Azure ATP standalone sensor installation language

  5. The installation wizard automatically checks if the server is a domain controller or a dedicated server. If it is a domain controller, the Azure ATP sensor is installed, if it is a dedicated server, the Azure ATP standalone sensor is installed.

    For example, for an Azure ATP standalone sensor, the following screen is displayed to let you know that an Azure ATP standalone sensor is installed on your dedicated server:

    Azure ATP standalone sensor installation

    Click Next.


    If the domain controller or dedicated server does not meet the minimum hardware requirements for the installation, you receive a warning. This does not prevent you from clicking Next and proceeding with installation. This might be the right option for installation of Azure ATP in a small lab test environment in which you don't need as much room for data storage. For production environments, it is highly recommended to work with Azure ATP's capacity planning guide to make sure your domain controllers or dedicated servers meet the necessary requirements.

  6. Under Configure the sensor, enter the installation path and the access key that you copied from the previous step, based on your environment:

    Azure ATP standalone sensor configuration image

    • Installation Path: This is the location where the Azure ATP standalone sensor is installed. By default this is %programfiles%\Azure Advanced Threat Protection sensor. Leave the default value.

    • Access key: This is retrieved from the Azure ATP portal in the previous step.

  7. Click Install. The following components are installed and configured during the installation of the Azure ATP sensor:

    • KB 3047154 (for Windows Server 2012 R2 only)


      • Do not install KB 3047154 on a virtualization host (the host that is running the virtualization, it is fine to run it on a virtual machine). This may cause port mirroring to stop working properly.
      • If Wireshark is installed on the ATP sensor machine, after you run Wireshark you need to restart the ATP sensor, because it uses the same drivers.
    • Azure ATP sensor service and Azure ATP sensor updater service

    • Microsoft Visual C++ 2013 Redistributable
  8. After the installation completes, click Launch to open your browser and log in to the Azure ATP portal.

See Also