Defender ATP & MCAS integration - Bluecoat Proxy?

Highlighted
Frequent Contributor

Hi ,

 

I've reviewed @Heike Ritter's info from:
https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-amp-Microsoft-C...

 

We are helping a customer with a major implmentation of Bluecoat Proxy, and it does seem that folks are able to bypass this as/when they want via tethered mobiles, etc...

 

My understanding is that the integration between Defender ATP & MCAS resolves this aspect of a "potential blind spot" with respect to Shadow IT - Defender ATP logs from devices out in the field are fed back into Defender ATP Console - then piped into MCAS?

https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration

 

Is this correct? There is a Bluecoat SG connector in MCAS (but not one in Azure Sentinel?) so we can see this can be plumbed in - but we're looking at how to showcase that MCAS can this gap if this does stand up? 

 

Do we *NEED* to connect Bluecoat Proxy to Sentinel or MCAS? If we can "pick up" the same info via Defender ATP & MCAS integration, then is this needed….?


Is anyone from the MCAS or Defender ATP side going to be at the RSA Conference in Singapore next week?  

1 Reply
Highlighted

@David Caddick 

Windows 10 E5 (can be purchased separately from M365E5 bundle) entitles you to Windows Defender ATP.  This has easy integration to MCAS for cloud app discovery wherever the PCs are.

Use proxy logs for servers and non-windows clients. Use WDATP for Win10 clients.