Enterprises today have an average of 1,100 cloud applications in their organization, with IT unaware of 61% of the cloud services that users access. Sourcing from a cloud app catalog of more than 16,000 applications, Discovery in Microsoft Cloud App Security (MCAS), Microsoft's Cloud Access Security Broker (CASB) solution, identifies the cloud apps that are being used in your organization and provides risk assessments, ongoing analytics, and lifecycle management capabilities to control their use.
Microsoft Cloud App Security now uniquely integrates with Windows Defender Advanced Threat Protection (ATP) to enhance the Discovery of Shadow IT in your organization and extend it beyond your corporate network. The integration simplifies the roll-out of Cloud Discovery, extends Cloud Discovery capabilities beyond your corporate network, and enables machine-based investigation. Microsoft Defender Advanced Threat Protection (ATP) is a security platform for intelligent protection, detection, investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture.
Integration Highlights
- Discovery of cloud apps beyond the corporate network from any Windows 10 machine
- Single-click enablement
- Machine-based Discovery
- Deep dive investigation in Windows Defender ATP
Windows Defender ATP is an integrated part of Windows 10 Enterprise E5. To leverage the existing sensors and send traffic information to Microsoft Cloud App Security, you need to enable this integration via a simple toggle in the Windows Defender Security Center. Windows Defender ATP will then continuously log resource usage from all Windows 10 machines that are onboarded to the service, and report it back to Microsoft Cloud App Security, with signals shared via the Microsoft Intelligent Security Graph.
To get started, admins can go to the Advanced settings page in the Windows Defender Security Center. All you need to do is activate a single button to enable the connection – and MCAS will start pulling the information immediately.
Microsoft Cloud App Security will then leverage the traffic information from Windows Defender ATP’s log store to surface all relevant details in the Discovery Dashboard and provide relevant insights for discovered apps, users, IP addresses and a new, machine-centric view. Admins now have visibility into the cloud apps that are being accessed, no matter which network the devices are logged into.
Enabling this seamless Cloud App Discovery experience in Microsoft Cloud App Security is the first step in creating a sophisticated lifecycle management approach to help ensure that your organization securely accesses cloud apps and services.