Sep 17 2020 01:52 AM - edited Sep 17 2020 01:58 AM
Hi All, we have a customer with some devices that have limited connectivity to the Internet.
Most of the fleet of devices in a number of "networks" have connectivity via either proxy or LB to the outside world - that is a given. However, inbound connectivity is strictly controlled and this might be something that is not going to be available.
That being said - what features from MDATP will work and which ones would not work in this scenario? Have I missed anything in my list below?
The list I have created is the following - does anyone have a differing opinion?
| MDATP Feature | Supported with no inbound connections? |
| --- | --- |
| Automated Investigation | Yes |
| Live Response | No |
| Enable EDR in Block mode | ??? |
| Automatically resolve alerts | Yes |
| Allow or Block file | Possibly not? |
| Custom Network indicators | Probably not |
| Show User Details | Yes |
| Skype for Business integration | No |
| Azure ATP integration | Yes |
| O365 Threat intelligence connection | Yes |
| MCAS integration | Yes |
| AIP/MIP Information Protection | Yes |
| MS Secure Score | Yes |
| Web Content filtering | Possible? |
| MS Intune connection | Possible? |
| Share endpoint alerts with MS Compliance Center | Yes |