MDATP - outbound connection only? What features will work?

Iron Contributor

Hi All, we have a customer with some devices that have limited connectivity to the Internet.
Most of the fleet of devices in a number of "networks" have connectivity via either proxy or LB to the outside world - that is a given. However, inbound connectivity is strictly controlled and this might be something that is not going to be available.

That being said - what features from MDATP will work and which ones would not work in this scenario? Have I missed anything in my list below?

The list I have created is the following - does anyone have a differing opinion?

| MDATP Feature | Supported with no inbound connections? |
| --- | --- |
| Automated Investigation | Yes |
| Live Response | No |
| Enable EDR in Block mode | ??? |
| Automatically resolve alerts | Yes |
| Allow or Block file | Possibly not? |
| Custom Network indicators | Probably not |
| Show User Details | Yes |
| Skype for Business integration | No |
| Azure ATP integration | Yes |
| O365 Threat intelligence connection | Yes |
| MCAS integration | Yes |
| AIP/MIP Information Protection | Yes |
| MS Secure Score | Yes |
| Web Content filtering | Possible? |
| MS Intune connection | Possible? |
| Share endpoint alerts with MS Compliance Center | Yes |
