Jun 06 2020 08:35 AM
Jun 06 2020 10:50 AM
Hi, there are native integration abilities between MCAS and Defender ATP which when enabled will allow you to monitor machines with ATP installed for things like user history, discovered apps, a general overview of uploads and downloads and the like, plus. IP address history. You can see more information about these integration capabilities at - https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-...
Jun 09 2020 01:54 PM
@Mary_Yvetteif the integration(s) between MCAS and MDATP are enabled/activated - then you should get the visibility that you're mentioning. The link @PeterRising provided shows the integration steps and also dives into what data is captured from endpoints. It also shows the how to perform some filtering within MCAS to view the endpoint data.