Isolate servers or users

Copper Contributor

Is there a mechanism to isolate servers or users from the ATP Dashboard? For example, if I get alerts on a user logging into an unauthorized resource, can I for a disconnect? 

 

Thanks 

1 Reply

@jbchris 

Hi Jeff,

 

The Azure ATP security operations experience (such as alert management, user investigation and new security assessment reports) for Azure ATP can be performed also under the Microsoft Cloud App Security Portal (under portal.cloudappsecurity.com).

 

Note that you don’t need to have a license or not have to use Microsoft Cloud App Security in order to enjoy from this experience for Azure ATP. You can read more about the integration here: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-mcas-integration

 

Among many other features and capabilities, this portal includes a number of user actions available from the user page, including the ability to suspend a user. You can find more details about the new user page and capabilities here: https://docs.microsoft.com/en-us/cloud-app-security/tutorial-ueba

 

Regards,

Astrid