Azure Security Center and MCAS


We would like to understand if alerts in Azure Security Center and MCAS are related. For example, the MCAS alert "Impossible travel activity" and the Azure alerts "Unfamiliar sign-in properties" or "Atypical travel". The issue for us is having to monitor both environments for these same activities. There are more examples I can add, but first we need to understand if we can concentrate on MCAS only and not lose any visibility.

3 Replies
It depends on the alerts. MCAS integrates with AAD Identity Protection to provide consistent monitoring of impossible travel (see https://docs.microsoft.com/en-us/cloud-app-security/aadip-integration) and with Azure ATP to monitor unexpected user behavior on your networks (see https://docs.microsoft.com/en-us/cloud-app-security/aatp-integration). ASC monitors a lot of events from your Azure subscriptions that are not shown in MCAS. You can use Azure Sentinel to monitor MCAS and ASC in one place. See https://docs.microsoft.com/en-us/cloud-app-security/siem-sentinel to get started, or get my colleague's book https://www.amazon.com/dp/B0859C7L1G/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1 @Gary Bushey

@Dean Gross Thanks, but this is not the answer I'm looking for.

 

@milchl sorry about that, not sure what answer you are looking for, but this may be helpful https://www.microsoft.com/security/blog/2020/07/09/inside-microsoft-threat-protection-correlating-an...