How do I establish secure communication between ATP (EDR) and AD?

search cancel

book

calendar_today

Endpoint Detection and Response Advanced Threat Protection Platform

Need to enable secure communication between Advanced Threat Protection (ATP) or Endpoint Detection and Response (SEDR) and Active Directory (AD).
Where do I find the required AD certificate?
How do I update the certificate for AD in ATP or EDR?

Endpoint Detection and Response 4.0 or later

Advanced Threat Protection 3.0 or later

You are configuring Active Directory (AD) in EDR so that AD users can login and use the EDR web user interface.
You have configured AD in EDR and you need to renew a certificate that is expiring or has expired.

Log on to the AD server
Click Start > Type MMC and press Enter to open MMC
Click File > Add/Remove Snap-in, click to add certificates to selected snap-ins, select computer account, select local computer, click Finish, click OK.
Expand Certificates > Personal > Certificates
Right click the AD certificate > select All Tasks > click Export
Upload that AD certificate to the AD connection in the SEDR web user interface
1. On the left navigation pane, click
  Settings
  >
  Users
  >
  Active Directory
  .
2. Click
  +Add Domain
  .
3. Check to ensure all fields are filled in correctly according to your environment's configuration
  - IMPORTANT: the NetBIOS name field is required as of SEDR 4.3
4. Check the box to upload or attach the new or updated certificate.

See the Symantec EDR documentation on the Broadcom Support Portal for Integrating Symantec EDR with Microsoft Active Directory
- https://support.broadcom.com/ > Symantec Enterprise Security > Documentation > Endpoint Security and Management > Endpoint Detection and Response (EDR)
See Unable to log in with AD credentials after the update to SEDR 4.3 if you are unable to login using AD credentials.
- https://knowledge.broadcom.com/external/article/176509

thumb_up Yes

thumb_down No