diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 892b102b6a..112ad05008 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -307,7 +307,7 @@ ######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md) -##### [Configure Managed security service provider support](windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md) +##### [Configure managed security service provider (MSSP) support](windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md) #### Configure Microsoft threat protection integration diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 5912d8360c..2f96d47923 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -304,7 +304,7 @@ ###### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) ####### [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md) -#### [Configure Managed security service provider support](configure-mssp-support-windows-defender-advanced-threat-protection.md) +#### [Configure managed security service provider (MSSP) support](configure-mssp-support-windows-defender-advanced-threat-protection.md) ### Configure Microsoft threat protection integration #### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md index 72ab5e8c05..22998f989d 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md @@ -30,7 +30,7 @@ You'll need to take the following configuration steps to enable the managed secu > - MSSP customers: Organizations that engage the services of MSSPs. The integration will allow MSSPs to take the following actions: -- Get access to MSSP customer’s Windows Defender Security Center portal +- Get access to MSSP customer's Windows Defender Security Center portal - Get email notifications, and - Fetch alerts through security information and event management (SIEM) tools diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-features.png b/windows/security/threat-protection/windows-defender-atp/images/advanced-features.png index aa7e2277ee..614b37509d 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/advanced-features.png and b/windows/security/threat-protection/windows-defender-atp/images/advanced-features.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-cloud-discovery-dashboard-menu.png b/windows/security/threat-protection/windows-defender-atp/images/atp-cloud-discovery-dashboard-menu.png new file mode 100644 index 0000000000..df043c168e Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-cloud-discovery-dashboard-menu.png differ 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mcas-settings.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mcas-settings.png new file mode 100644 index 0000000000..11e12c2890 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-mcas-settings.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/cloud-discovery.png b/windows/security/threat-protection/windows-defender-atp/images/cloud-discovery.png index 1da5081120..f4ff016260 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/cloud-discovery.png and b/windows/security/threat-protection/windows-defender-atp/images/cloud-discovery.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/win10-endpoint-users.png b/windows/security/threat-protection/windows-defender-atp/images/win10-endpoint-users.png index ed59fe1fa7..bab143bdc6 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/win10-endpoint-users.png and b/windows/security/threat-protection/windows-defender-atp/images/win10-endpoint-users.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md index f19e0c3444..f36e82887a 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md 
@@ -20,9 +20,15 @@ ms.date: 09/03/2018 [!include[Prerelease information](prerelease.md)] -To benefit from Windows Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration in the **Windows Defender ATP Settings** page, under **Advanced features**: +To benefit from Windows Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration. -![Advanced features](./images/advanced-features.png) +1. In the navigation pane, select **Preferences setup** > **Advanced features**. +2. Select **Microsoft Cloud App Security** and switch the toggle to **On**. +3. Click **Save preferences**. + + + +![Advanced features](images/atp-mcas-settings.png) Once activated, Windows Defender ATP will immediately start forwarding discovery signals to Cloud App Security. @@ -32,13 +38,15 @@ Once activated, Windows Defender ATP will immediately start forwarding discovery 2. Navigate to the Cloud Discovery dashboard. + ![Image of menu to cloud discovery dashboard](images/atp-cloud-discovery-dashboard-menu.png) + 3. Select **Win10 Endpoint Users report**, which contains the data coming from Windows Defender ATP. -![Win10 endpoint users](./images/win10-endpoint-users.png) + ![Win10 endpoint users](./images/win10-endpoint-users.png) This report is similar to the existing discovery report with one major difference: you can now benefit from visibility to the machine context. -Notice the new **Machine**s tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (e.g., when drilling down to a specific cloud app). +Notice the new **Machines** tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (for example, when drilling down to a specific cloud app). ![Cloud discovery](./images/cloud-discovery.png) 
@@ -48,5 +56,4 @@ For more information about cloud discovery, see [Working with discovered apps](h If you are interested in trying Microsoft Cloud App Security, see [Microsoft Cloud App Security Trial](https://signup.microsoft.com/Signup?OfferId=757c4c34-d589-46e4-9579-120bba5c92ed&ali=1). ## Related topic - - [Microsoft Cloud App Security integration](microsoft-cloud-app-security-integration.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md index faf32d6f94..5f1eabb9f4 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md 
@@ -7,32 +7,30 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: ellevin -author: levinec +ms.author: macapara +author: mjcaparas ms.localizationpriority: high ms.date: 09/03/2018 --- # Microsoft Cloud App Security integration overview +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] -[Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) gives you visibility into your cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. +Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that gives you visibility into your cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. For more information, see [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security). -Cloud App Security integrates into your eco-system in two places: +## Windows Defender ATP and Cloud App Security integration -1. Firewall and proxy servers route your endpoints traffic to the web and forward cloud traffic logs to Cloud App Security. +Cloud App Security discovery relies on cloud traffic logs being forwarded to it from enterprise firewall and proxy servers. Windows Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, thereby enhancing data optics on cloud application related activities. -2. Cloud App Security connects to your cloud app public API to enable control and governance of the data stored on cloud apps. 
- -![Cloud apps](./images/cloud-apps.png) - -Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that helps you keep control of assets through improved visibility over cloud apps that are being used across an organization. Cloud Discovery analyzes network traffic data to provide you with ongoing visibility into cloud use, Shadow IT, and the risk Shadow IT poses into your organization. - -Windows Defender ATP provides one-click integration with Cloud Discovery by forwarding network connection data gathered from onboarded machines and users. These signals are sent to Cloud App Security, giving administrators deeper visibility into cloud usage, including the use of unsanctioned cloud services. - -By leveraging the Windows Defender ATP endpoint network sensor signals, this integration further enhances Cloud App Security visibility into machine related activity and expanding coverage of off-network traffic. +The integration provides the following major improvements to the existing Cloud App Security discovery: +- Available everywhere - Since the network activity is collected directly from the endpoint, it's available wherever the device is, on or off corporate network, as it's no longer depended on traffic routed through the enterprise firewall or proxy servers. +- Works out of the box, no configuration required – Forwarding cloud traffic logs to Cloud App Security requires firewall and proxy server configuration. With the Windows Defender ATP and Cloud App Security integration, there’s no configuration required. Just switch it on in Windows Defender Security Center settings and you’re good to go. +- Device context – Cloud traffic logs lack device context. Windows Defender ATP network activity is reported with the device context (which device accessed the cloud app), so you are able to understand exactly where (device) the network activity took place, in addition to who (user) performed it. ## Related topic 
diff --git a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md index fa624bfec1..cc4e951918 100644 --- a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md @@ -31,7 +31,7 @@ To address this demand, managed security service providers (MSSP) offer to deliv Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: -- Get access to MSSP customer’s Windows Defender Security Center portal +- Get access to MSSP customer's Windows Defender Security Center portal - Get email notifications, and - Fetch alerts through security information and event management (SIEM) tools
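
Review bot: In microsoft-cloud-app-security-config.md, hunk @@ -20,9 +20,15, the replacement image line keeps the old alt text: `![Advanced features](images/atp-mcas-settings.png)` now points at the Cloud App Security settings screenshot, so the alt text should describe that image (for example, the Microsoft Cloud App Security toggle under Advanced features). The same hunk also adds three consecutive blank lines between step 3 and the image where one is enough, and step 3 uses "Click" while steps 1 and 2 use "select"; pick one verb for the procedure.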
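
Review bot: In microsoft-cloud-app-security-config.md, hunk @@ -32,13 +38,15, the new image under step 2 uses `images/atp-cloud-discovery-dashboard-menu.png` while the re-indented image under step 3 and the unchanged `![Cloud discovery](./images/cloud-discovery.png)` keep the `./images/` prefix. Use one relative-path form throughout the file. Since the Machines sentence is already being touched, "view the data split to the device dimensions" could also be reworded to something like "view the data split by device".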
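
Review bot: In microsoft-cloud-app-security-config.md, hunk @@ -48,5 +56,4, the blank line between `## Related topic` and the list item is removed, and the file still ends with "\ No newline at end of file". Keep a blank line after the heading so the list renders consistently across Markdown processors, and add a trailing newline while this section is being edited.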
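
Review bot: In microsoft-cloud-app-security-integration.md, hunk @@ -7,32 +7,30, the first added bullet reads "as it's no longer depended on traffic routed through the enterprise firewall or proxy servers"; that should be "dependent on". The three bullets also mix separators (a hyphen after "Available everywhere", an en dash after the other two labels) and mix straight apostrophes ("it's") with curly ones ("there’s", "you’re"), even though this same patch normalizes "customer’s" to "customer's" in the MSSP topics. Use one separator and straight apostrophes throughout the new text.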