cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MCAS or 365 Security

SDB8519
Copper Contributor

‎Sep 24 2021 08:56 AM - last edited on ‎Nov 02 2021 05:25 PM by

‎Sep 24 2021 08:56 AM - last edited on ‎Nov 02 2021 05:25 PM by

MCAS or 365 Security

Hey all,

 

I'm relatively new into the industry and been tasked with championing some of our E5 platforms.

We have both MCAS and MS 365 Security which I'm going to call MDE... My questions are:

1. Which one should I be using to manage alerts?

    a. Why can't I manage alert policies in MDE and I can in MCAS. 

2. What are the differences between the two?

3. Should we even be using both of them?

1,601 Views
0 Likes
3 Replies
Reply
3 Replies
thijoubertold

‎Sep 30 2021 01:50 AM

‎Sep 30 2021 01:50 AM

Re: MCAS or 365 Security

Hi @SDB8519 

MDE (Microsoft Defender for Endpoints), M365 Defender and MCAS (Microsoft Cloud App Security) are three different products: M365 Defender: the whole suite of security tools for M365 (which include MDE, MCAS, but also MDO, MDI and AADP2) https://docs.microsoft.com/en-us/microsoft-365/security/defender/overview-security-center?view=o365-...

- MDI (Microsoft Defender for Identity): Detection of compromise of your local AD

- AAD P2 : Information Governance + Information Protection (protection of cloud identity and improvement of conditional access)

- MDE (Microsoft Defender for Endpoints): Anti-malware / EDR for your endpoints

- MCAS (Microsoft Cloud App Security): "CASB" for the protection of t

- MDO (Microsoft Defender for Office 365): Protection of emails and collaborative tools


If you have ME5 licences, you should use all the tools as they bring a different value

The new unified security portal will let you to have all the security alerts in one place: https://docs.microsoft.com/en-us/microsoft-365/security/defender/overview-security-center?view=o365-...

0 Likes
Reply
SDB8519

‎Sep 30 2021 02:23 AM

‎Sep 30 2021 02:23 AM

Re: MCAS or 365 Security

Thanks Thijoubert,

I suppose I was most interested in what portal alerts were best actioned in?

In CAS I seem to be able to modify policies for alerts, even though they aren't fully working. Whereas in 365 security I can't suppress every alert which is frustrating. I like 365 security better but if CAS is better functionality wise not sure which to use.

Thanks!
0 Likes
Reply
thijoubertold

‎Sep 30 2021 03:36 AM

‎Sep 30 2021 03:36 AM

Re: MCAS or 365 Security

In this case, the new M365 Defender Portal should answer to your needs.
You define the policies in the different admin centers and you manage them in the unified portal (with the incidents and alerts pages)
https://docs.microsoft.com/en-us/microsoft-365/security/defender/overview-security-center?view=o365-...

Sami Lamppu wrote an interesting article on this topic: https://samilamppu.com/2020/11/24/microsoft-365-defender-vs-azure-sentinel-which-one-to-use/
1 Like
Reply