Automate machine isolation with MDATP and Microsoft Flow - YouTube MVP Demo

Microsoft

Learn how to automate suspicious machine isolation with MDATP and Microsoft Flow.

https://www.youtube.com/watch?v=uT2RQf_uPKA

 

We are proud of our Security MVPs

 

@Dan Michelson, @danm332

Learn how Microsoft Flow and Microsoft Defender ATP integration works in this demo where your SOC team receives a notification email to approve isolating a com...
4 Replies

What is a good way to test this flow? The downloads from https://demo.wd.microsoft.com all generate Informational severity alerts. 


@Joe Stern 

 

Have you tried our "Simulations and Tutorials"?

On the upper right side of the MDATP portal you'll find the "?" menu. There you may pick the Simulations menu item and try different scenarios. Most of the attack scenarios will create the alerts you're looking for.

 

Please share your feedback.

Thanks, Dan. The fileless PowerShell scenario on that page triggered my flow successfully; I'm hoping never to see a real one but I will be ready when it comes.

@Dan Michelson Hi! Does the customer need an additional license for FLOW, or is what is included in M365 E3 enough?