This article assumes you already know the Microsoft threat protection services.
We are going to talk about how each of these services integrates with Microsoft Defender ATP.
First, we must talk about the Microsoft advanced threat protection services themselves.
Table of contents
- Microsoft Threat Protection services overview
- What is MDATP
- Integration between MDATP and the MTP services
- Enable the integration from MDATP
- Integration with Azure ATP
- Integration with Office 365 ATP
- CAS integration with MDATP
Terminology used
- MTP (Microsoft Threat Protection services)
- MDATP (Microsoft Defender Advanced Threat Protection)
- CAS (Cloud App Security)
- ATA (Advanced Threat Analytics)
- ATP (Advanced Threat Protection)
Microsoft Threat Protection services provide pre- and post-breach enterprise defense that lets you
- detect risks
- investigate threats
- prevent harmful activities
- and respond
across
- endpoints
- emails
- identities
- applications
- 3rd party applications
More details can be found at the following link:
Microsoft Threat Protection services
The most difficult part on Microsoft cloud platforms now is knowing where to find each service's admin center.
All the admin centers are located in the admin portal under All admin centers.
MDATP
MDATP is responsible for the endpoint part and for post-breach detection.
It is a cloud-based endpoint security platform that relies on a combination of technologies.
First, the Windows 10 sensors collect and process data on the device, then send the collected sensor data to the MDATP cloud service for analysis.
It also uses big-data analytics and machine learning techniques across Microsoft cloud systems such as Office 365.
Components used by MDATP
How to integrate MDATP with the MTP services for further investigation
MDATP integrates with
- Azure ATP
- Office 365 ATP
- Cloud App Security
- Azure Information Protection
The following sections walk through each integration.
Enable the integration from MDATP
Go to Settings > Advanced features.
This is where you turn on the integrations for Azure ATP, Office 365 Threat Intelligence, Cloud App Security and AIP.
Integrate Azure ATP with Microsoft Defender ATP
This gives you additional investigation capability for compromised accounts and their related resources.
It takes two steps:
- From Azure ATP, go to Settings > Windows Defender ATP and turn the integration on.
- From MDATP, go to Settings > Advanced features and enable Azure ATP integration.
Office 365 ATP integration
This enables further investigation, for example a list of machines that received malicious emails.
Go to https://protection.office.com/homepage
Then open Threat management > Explorer.
Integrate Office 365 Advanced Threat Protection with Microsoft Defender Advanced Threat Protection
CAS integration with MDATP
https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration
Go to Cloud App Security > Settings > Microsoft Defender ATP and enable Block unsanctioned apps.
Now you can investigate a machine in Cloud App Security and see its
- Machine risk level
- Transactions
- Total traffic
- Downloads
- Discovered apps
- User history