Cloud App Security App Discovery

%3CLINGO-SUB%20id%3D%22lingo-sub-1445377%22%20slang%3D%22en-US%22%3ECloud%20App%20Security%20App%20Discovery%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1445377%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Community!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20the%20App%20Discovery%20in%20CAS%20includes%20all%20the%20sites%20the%20users%20are%20accessing%20if%20they%20have%20Microsoft%20Defender%20ATP%20enabled%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1445377%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20Discovery%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1445528%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud%20App%20Security%20App%20Discovery%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1445528%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342175%22%20target%3D%22_blank%22%3E%40Mary_Yvette%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20there%20are%20native%20integration%20abilities%20between%20MCAS%20and%20Defender%20ATP%20which%20when%20enabled%20will%20allow%20you%20to%20monitor%20machines%20with%20ATP%20installed%20for%20things%20like%20user%20history%2C%20discovered%20apps%2C%20a%20general%20overview%20of%20uploads%20and%20downloads%20and%20the%20like%2C%20plus.%20IP%20address%20history.%26nbsp%3B%20You%20can%20see%20more%20information%20about%20these%20integration%20capabilities%20at%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fwdatp-integration%23investigate-machines-in-cloud-app-security%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fwdatp-integration%23investigate-machines-in-cloud-app-security%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1452126%22%20slang%3D%22en-US%22%3ERe%3A%20Cloud%20App%20Security%20App%20Discovery%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1452126%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F342175%22%20target%3D%22_blank%22%3E%40Mary_Yvette%3C%2FA%3Eif%20the%20integration(s)%20between%20MCAS%20and%20MDATP%20are%20enabled%2Factivated%20-%20then%20you%20should%20get%20the%20visibility%20that%20you're%20mentioning.%20The%20link%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F616707%22%20target%3D%22_blank%22%3E%40PeterRising%3C%2FA%3E%20provided%20shows%20the%20integration%20steps%20and%20also%20dives%20into%20what%20data%20is%20captured%20from%20endpoints.%20It%20also%20shows%20the%20how%20to%20perform%20some%20filtering%20within%20MCAS%20to%20view%20the%20endpoint%20data.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi Community!

 

Is the App Discovery in CAS includes all the sites the users are accessing if they have Microsoft Defender ATP enabled?

 

Thank you!

2 Replies

@Mary_Yvette 

 

Hi, there are native integration abilities between MCAS and Defender ATP which when enabled will allow you to monitor machines with ATP installed for things like user history, discovered apps, a general overview of uploads and downloads and the like, plus. IP address history.  You can see more information about these integration capabilities at - https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-...

@Mary_Yvetteif the integration(s) between MCAS and MDATP are enabled/activated - then you should get the visibility that you're mentioning. The link @PeterRising provided shows the integration steps and also dives into what data is captured from endpoints. It also shows the how to perform some filtering within MCAS to view the endpoint data.