Microsoft Documentation provides following definitions for MDI and MCAS:
MDI: The Defender for Identity portal provides a quick view of all suspicious activities in chronological order. It enables you to drill into details of any activity and perform actions based on those activities. The Defender for Identity portal also displays alerts and notifications to highlight problems seen by Defender for Identity or new activities that are deemed suspicious.
MCAS: It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services. It provides simple deployment, centralized management, and innovative automation capabilities.
Could you please clarify the difference between MCAS and MDI while both provides suspicious activity details?