Forum Discussion
SergioT1228
Feb 15, 2023, Brass Contributor
Deprecated MDI ATP Portal - Scheduled reports
Hello, I see that the Classic ATP (atp.azure.com) will be redirecting to the Security portal. However I'm curious about the Scheduled reports we have set up for Lateral movements and Summary. I don...
josequintino
Mar 25, 2023, Iron Contributor
SergioT1228 You're correct that Azure Advanced Threat Protection (ATP) is now integrated into the Microsoft Defender for Identity within the Microsoft 365 Defender portal (security.microsoft.com). While the transition brings many new features and an improved user experience, there might be some differences in the available reports.
To view the reports related to lateral movement and summary in the Microsoft 365 Defender portal, follow these steps:
1- Go to the Microsoft 365 Defender portal (security.microsoft.com) and sign in with your credentials.
2- In the left navigation pane, click on Incidents & alerts.
3- You can apply filters to focus on specific alerts related to lateral movement paths, such as Suspicious lateral movement using remote execution, Pass-the-Ticket, or Pass-the-Hash.
You can also investigate specific entities (users, devices, etc.) and view the relevant information about them.
Unfortunately, as of now, there isn't a direct way to schedule reports like the ones you had in Azure ATP within the Microsoft 365 Defender portal. However, you can leverage the Microsoft Graph Security API to create custom reports and schedule them as needed.
To use the Microsoft Graph Security API:
1- Register an application in Azure AD and grant the necessary permissions.
2- Use the API to fetch alerts and related information from the Microsoft 365 Defender portal.
3- Create custom reports using the fetched data and schedule them to be sent via email or any other preferred method.
- StuartH, Mar 28, 2023, Brass Contributor
josequintino I am a little stunned that Microsoft are just yanking [very used] features away, and think that is acceptable. I see the portal notice (saying Jan 31) is now replaced with July 31 - surely that is time enough to get a satisfactory solution in place? At least expand on this and come up with something workable for all of your customers, and not making us do the work:
"To use the Microsoft Graph Security API:
1- Register an application in Azure AD and grant the necessary permissions.
2- Use the API to fetch alerts and related information from the Microsoft 365 Defender portal.
3- Create custom reports using the fetched data and schedule them to be sent via email or any other preferred method."
It just seems like you are dropping a lot of the good features that we purchased Azure ATP (MDI) for.
- josequintino, Apr 02, 2023, Iron Contributor
Hello @StuartH, I understand your concerns regarding Microsoft's decision to remove certain features from Azure ATP (MDI). While I am not a Microsoft representative, I can attempt to provide some context and potential suggestions for addressing these changes.
Firstly, it's important to acknowledge that technology companies like Microsoft often make decisions to remove, modify, or replace features based on factors like market demand, product strategy, or shifting priorities. While these decisions can be frustrating for customers, they are usually made with the goal of improving the overall product experience.
Regarding the Microsoft Graph Security API, the three steps you mentioned can help you continue accessing the features you need:
1- Registering an application in Azure AD and granting permissions: This is a one-time setup process that enables your application to interact with the Microsoft Graph Security API. You can follow Microsoft's official documentation to guide you through this process.
2- Fetching alerts and related information: With your application registered and permissions granted, you can use the API to fetch alerts and related data from the Microsoft 365 Defender portal. This will allow you to continue monitoring your environment and taking necessary actions to ensure security.
3- Creating custom reports: You can use the fetched data to create custom reports tailored to your organization's needs. This way, you can maintain visibility and control over the aspects that are most important to you.
While these steps do require some additional work from your end, they provide a way to adapt to the changes introduced by Microsoft. Additionally, consider reaching out to Microsoft Support for further assistance and providing feedback on your concerns. This can help Microsoft understand the needs of their customers and potentially make changes based on this feedback.
In the meantime, you might explore alternative solutions or third-party tools that could help you achieve your desired functionality with Azure ATP (MDI).
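The three Graph Security API steps discussed in this thread, as an added Python example (not from any poster or from Microsoft). It assumes an app registration with the SecurityAlert.Read.All application permission; the function names and the sample alerts are constructed for illustration, and scheduling and mail delivery are left to cron or Task Scheduler.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter

GRAPH_ALERTS = "https://graph.microsoft.com/v1.0/security/alerts_v2"

def get_token(tenant_id, client_id, client_secret):
    """Step 1 result: client-credentials token for the registered app."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": "https://graph.microsoft.com/.default"}
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(url, data=urllib.parse.urlencode(form).encode()) as resp:
        return json.load(resp)["access_token"]

def http_get(url, token):
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def alerts_url(since_iso):
    flt = f"serviceSource eq 'microsoftDefenderForIdentity' and createdDateTime ge {since_iso}"
    return GRAPH_ALERTS + "?$filter=" + urllib.parse.quote(flt)

def fetch_alerts(since_iso, token, get=http_get):
    """Step 2: read Defender for Identity alerts, following @odata.nextLink paging."""
    url, alerts = alerts_url(since_iso), []
    while url:
        page = get(url, token)
        alerts.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return alerts

def build_report(alerts):
    """Step 3: plain-text summary with a lateral movement section."""
    lateral = [a for a in alerts if a.get("category") == "LateralMovement"]
    by_sev = Counter(a.get("severity", "unknown") for a in alerts)
    lines = [f"MDI alerts: {len(alerts)} total, {len(lateral)} lateral movement"]
    lines += [f"  {sev}: {n}" for sev, n in sorted(by_sev.items())]
    lines += [f"  [{a['severity']}] {a['createdDateTime']} {a['title']}" for a in lateral]
    return "\n".join(lines)

# Constructed sample pages standing in for Graph responses, so the example runs offline.
def sample_alert(title, sev, cat, ts):
    return {"title": title, "severity": sev, "category": cat, "createdDateTime": ts}
SAMPLE_PAGES = [
    {"value": [sample_alert("Suspicious lateral movement using remote execution", "medium", "LateralMovement", "2023-03-20T08:15:00Z"),
               sample_alert("Constructed reconnaissance alert", "low", "Discovery", "2023-03-21T10:00:00Z")],
     "@odata.nextLink": GRAPH_ALERTS + "?$skiptoken=constructed"},
    {"value": [sample_alert("Pass-the-Ticket", "high", "LateralMovement", "2023-03-22T14:30:00Z")]}]
def fake_get(url, token): return SAMPLE_PAGES[1 if "skiptoken" in url else 0]
```

For a live run, call `fetch_alerts(since, get_token(...))` with the default `get`, and keep the client secret in a vault or environment variable rather than in the script.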