Microsoft Documentation provides following definitions for MDI and MCAS:
MDI:The Defender for Identity portal provides a quick view of all suspicious activities in chronological order. It enables you to drill into details of any activity and perform actions based on those activities. The Defender for Identity portal also displays alerts and notifications to highlight problems seen by Defender for Identity or new activities that are deemed suspicious.
MCAS: It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services. It provides simple deployment, centralized management, and innovative automation capabilities.
Could you please clarify the difference between MCAS and MDI while both provides suspicious activity details?
@Dave8465 MDI is applicable only to your On-Prem Domain Controllers where you can detect and get alerted on the suspicious activities (Account Enumeration, Lateral Movement, Brute Force, Suspicious Addition to Sensitive Groups, etc.) with respect to Domain Controllers.
While MCAS on the other hand is used to protect and govern data present across your cloud applications. MCAS detects unusual behavior across cloud apps to identify ransomware, compromised users or rogue applications, analyze high-risk usage and remediate automatically to limit the risk to your organization.