cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

When to use DfI for monitoring instead of MCAS

Dean Gross
Silver Contributor

‎Dec 15 2020 03:54 PM - last edited on ‎Nov 30 2021 09:26 AM by

‎Dec 15 2020 03:54 PM - last edited on ‎Nov 30 2021 09:26 AM by

When to use DfI for monitoring instead of MCAS

For orgs that have integrated MCAS and Defender for Identity , what scenarios require  Defender for Identity to be used monitor incidents instead of MCAS. My client is trying to simplify operations and would like to use as few portals as possible. 

1,449 Views
1 Like
1 Reply
Reply
1 Reply
AnuragSrivastava

‎Jan 14 2021 01:37 AM

‎Jan 14 2021 01:37 AM

Re: When to use DfI for monitoring instead of MCAS

@Dean Gross 

If the integration between MCAS and Defender for Identity is in place, then the Operations Team can monitor the incidents on just one portal (MCAS). MCAS will contain all the incidents from Defender for Identity.

However an analyst would need to go the DfI portal in case he need to drill down and investigate in depth on the events.

Better to go with Azure Sentinel as it can act as single pane of monitoring for incidents from all Microsoft Security Solutions.

0 Likes
Reply