RVC
Oct 06, 2022, Brass Contributor
Limit amount of cloud traffic log Defender for endpoint sends
Is there a way to limit the amount of cloud traffic sent from Defender for Endpoint? What I meant is, can I limit the endpoints, or is ALL traffic sent as soon as I pull the trigger? This is to jud...
RVC
Oct 06, 2022, Brass Contributor
I guess the answer is: when you pull the switch, all traffic is shared with MDCA, based on the following:
* Available everywhere - Since the network activity is collected directly from the endpoint, it's available wherever the device is, on or off corporate network, as it's no longer dependent on traffic routed through the enterprise firewall or proxy servers.
* Works out of the box, no configuration required - Forwarding cloud traffic logs to Defender for Cloud Apps requires firewall and proxy server configuration. With the Defender for Endpoint and Defender for Cloud Apps integration, there's no configuration required. Just switch it on in Microsoft 365 Defender settings and you're good to go.
* Device context - Cloud traffic logs lack device context. Defender for Endpoint network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it.
Found at: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration?source=recommendations&view=o365-worldwide