This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 60%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
My ATA Lateral Movement detection scheduled report is empty. It seems to not have the right permissions.
The group policy "Network access: Restrict clients allowed to make remote calls to SAM" is not configured right now - I understand that is the most lenient setting and should allow ATA in? Port 445 is also allowed.
@Alistair Nelson its not a big deal, if there is no lateral movement in your environment you will receive empty email without attachment
ie Lateral movement paths to sensitive accounts or Cleartext passwords exposed using unencrypted LDAP authentications report etc
make sure you are part of "Microsoft Advanced Threat Analytics Administrators" group in ATA server
to check the report from ATA login at ATALOGINURL/reports and follow the below
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 77%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEO%3C/text%3E%3C/svg%3E)
Did you go over this already ?
https://learn.microsoft.com/en-us/defender-for-identity/install-step8-samr