Forum Discussion

Dan Michelson's avatar
Dan Michelson
Icon for Microsoft rankMicrosoft
Apr 14, 2019

MDATP & Cloud App Security Integration

Native support for the discovery of Shadow IT One-click integration of Microsoft Cloud App Security with MDATP Overview At RSA, RSA is the world’s largest cybersecurity conference, we announced...
AlexMags's avatar
AlexMags
Copper Contributor
Jun 04, 2020

Hi Dan Michelson . Is MDATP integration with MCAS still not supported with proxies?

"If the endpoint device is behind a forward proxy, traffic data will not be visible to Microsoft Defender ATP and hence will not be included in Cloud Discovery reports"

https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#how-to-integrate-microsoft-defender-atp-with-cloud-app-security

We have MDATP deployed, network protection in audit mode endabled, MCAS integration enabled.  We don't see any traffic to some known cloud apps this way. Though the apps do appear in MDATP Advanced Hunting they don't make it to MCAS.

In parallel we have some proxy log forwarding.  The apps that MDATP doesn't forward to MCAS appear via MCAS log collector. The integration seems unreliable when theres proxies. The data is in MDATP but it's not forwared to MCAS correctly.

Resources