Sep 26 2019 06:28 AM - last edited on Nov 30 2021 02:06 PM by Allen
Is there a mechanism to isolate servers or users from the ATP Dashboard? For example, if I get alerts on a user logging into an unauthorized resource, can I for a disconnect?
Thanks
Sep 27 2019 10:33 AM
Hi Jeff,
The Azure ATP security operations experience (such as alert management, user investigation and new security assessment reports) for Azure ATP can be performed also under the Microsoft Cloud App Security Portal (under portal.cloudappsecurity.com).
Note that you don’t need to have a license or not have to use Microsoft Cloud App Security in order to enjoy from this experience for Azure ATP. You can read more about the integration here: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-mcas-integration
Among many other features and capabilities, this portal includes a number of user actions available from the user page, including the ability to suspend a user. You can find more details about the new user page and capabilities here: https://docs.microsoft.com/en-us/cloud-app-security/tutorial-ueba
Regards,
Astrid