Microsoft Threat Protection and MCAS


Hello!

 

I have a question regarding the integration between MTP and MCAS. Although we can see alerts flowing into MTP from MCAS, there doesn't appear to be alert/incident status updating between the two platforms. We have the Azure ATP integration enabled in MCAS as required in the listed prerequisites. Additionally, two-way updating appears to be working for our integration between Defender ATP and MTP. Is this a known issue, working as intended, or an issue with our instances?

 

Thank you,

Ricky

2 Replies

@Ricky Bryant did you get a response on this?

 

I see that Azure ATP and Cloud App Security don't support what you are looking for, but I can't find anything specific to MTP:

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-mcas-integration

"When using Azure ATP with Cloud app security, closing alerts in one service will not automatically close them in the other service. Decide where to manage and remediate alerts to avoid duplicated efforts."

 

I'd like to see a statement and roadmap for which integrated portal to use. It's all very confusing.

@Razmi Patel I have not received a response to this and I agree, it would be awesome to see exactly which centralized dashboard we should be using and have that dashboard be able to close out alerts in the connected tools.

 

Ricky