Jul 08 2019 07:39 AM - edited Jul 08 2019 08:12 AM
Hi,
I've reviewed @HeikeRitter's info from:
https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-amp-Microsoft-C...
We are helping a customer with a major implementation of Bluecoat Proxy, and it does seem that folks are able to bypass this as/when they want via tethered mobiles, etc...
My understanding is that the integration between Defender ATP & MCAS resolves this aspect of a "potential blind spot" with respect to Shadow IT - Defender ATP logs from devices out in the field are fed back into Defender ATP Console - then piped into MCAS?
https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration
Is this correct? There is a Bluecoat SG connector in MCAS (but not one in Azure Sentinel?) so we can see this can be plumbed in - but we're looking at how to showcase that MCAS can close this gap if this does stand up?
Do we *NEED* to connect Bluecoat Proxy to Sentinel or MCAS? If we can "pick up" the same info via Defender ATP & MCAS integration, then is this needed?
Is anyone from the MCAS or Defender ATP side going to be at the RSA Conference in Singapore next week?
Feb 04 2020 08:01 AM
Windows 10 E5 (can be purchased separately from M365E5 bundle) entitles you to Windows Defender ATP. This has easy integration to MCAS for cloud app discovery wherever the PCs are.
Use proxy logs for servers and non-Windows clients. Use WDATP for Win10 clients.