Windows Defender ATP (MDATP) integration with Advanced Threat Protection services


This article assumes you are already familiar with the Microsoft threat protection services.

We are going to talk about the integration of Defender ATP with each of these services.

First, we must talk about the Microsoft Advanced Threat Protection services.


Table of contents

  • Microsoft Threat Protection services overview
  • What is MDATP
  • Integration between MDATP and the MTP services
  • Enable the integration from MDATP
  • Integration with Azure ATP
  • Integration with Office 365 ATP
  • CAS integration with MDATP

Terminologies used

  • MTP (Microsoft Threat Protection services)
  • MDATP (Microsoft Defender Advanced Threat Protection)
  • CAS (Cloud App Security)
  • ATA (Advanced Threat Analytics)
  • ATP (Advanced Threat Protection)

Microsoft Threat Protection services provide pre- and post-breach enterprise defense to

  • detect risks
  • investigate threats
  • prevent harmful activities
  • and respond

across

  • endpoints
  • emails
  • identities
  • applications
  • 3rd party applications

More details can be found at the following link:

Microsoft Threat Protection services

The most difficult part now on Microsoft cloud platforms is where

So all the admin centers are located in the Admin Portal under "All admin centers".

Admin Portal

MDATP

MDATP is responsible for the endpoint part and for post-breach detection.

It is an endpoint security cloud platform that depends on a combination of technologies:

First, the Windows 10 built-in sensors collect and analyze behavioural data, then send the collected data to MDATP.

It also uses big data analysis and device learning techniques across cloud systems such as Office 365.

Components used by MDATP

How to integrate with the MTP services for further investigation

MDATP integrates with

  • Azure ATP
  • Office 365 ATP
  • Cloud App security
  • Azure Information protection

The following is an example of the integration.

Enable the integration from MDATP

Settings > Advanced features

For Azure ATP, Office 365 threat intelligence, Cloud App Security and AIP

Integrate Azure ATP with Microsoft Defender ATP

For additional investigation of compromised accounts and related resources.

Two steps:

From Azure ATP, go to Settings > Windows Defender ATP and turn the integration on.

From MDATP, go to Settings > Advanced features and enable the Azure ATP integration.

Office 365 ATP integration

Enables further investigation, for example listing the machines involved in malicious email activity.

Go to https://protection.office.com/homepage

Threat management > Explorer

Integrate Office 365 Advanced Threat Protection with Microsoft Defender Advanced Threat Protection

CAS integration with MDATP

https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration

In Cloud App Security, go to Settings > Microsoft Defender ATP and enable "Block unsanctioned apps".

Now you can investigate machines in Cloud App Security, including:

  • Machine risk level
  • Transactions
  • Total traffic
  • Downloads
  • Discovered apps
  • User history
