From 872806bdd66585fc3bd3d190ad454312d241e120 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 24 Aug 2018 17:07:06 -0700 Subject: [PATCH] update mcas integration --- windows/security/threat-protection/TOC.md | 6 ++- .../windows-defender-atp/TOC.md | 7 ++-- .../enable-mcas-integration.md | 42 ------------------- .../microsoft-cloud-app-security-config.md | 14 ++++++- ...icrosoft-cloud-app-security-integration.md | 15 +++++-- .../overview-mcas-integration.md | 32 -------------- ...reat-protection.md => threat-analytics.md} | 0 7 files changed, 31 insertions(+), 85 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-atp/enable-mcas-integration.md delete mode 100644 windows/security/threat-protection/windows-defender-atp/overview-mcas-integration.md rename windows/security/threat-protection/windows-defender-atp/{threat-analytics-windows-defender-advanced-threat-protection.md => threat-analytics.md} (100%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5b48ea7eb5..23ed403498 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -61,7 +61,7 @@ #### [Auto investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md) #### [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md) -##### [Threat analytics](windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md) +##### [Threat analytics](windows-defender-atp/threat-analytics.md) ###### [Threat analytics for Spectre and Meltdown](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) #### [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md) ##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md) @@ -137,7 +137,8 @@ #### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md) ##### [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md) -##### [Overview of Microsoft Cloud App Security integration](windows-defender-atp/overview-mcas-integration.md) +##### [Microsoft Cloud App Security integration overview](windows-defender-atp/microsoft-cloud-app-security-integration.md) + #### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md) @@ -305,6 +306,7 @@ ##### [Enable Microsoft Cloud App Security integration](windows-defender-atp/enable-mcas-integration.md) + #### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md) ##### General ###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 2e2f259f4d..3a2a564957 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -59,7 +59,8 @@ ### [Auto investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) ### [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) -#### [Threat analytics dashboard](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) +#### [Threat analytics](threat-analytics.md) +#### [Threat analytics for Spectre and meltdown](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) ### [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) #### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) ##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md) @@ -134,7 +135,7 @@ ### [Microsoft threat protection](threat-protection-integration.md) #### [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md) #### [Overview of Microsoft Cloud App Security integration](overview-mcas-integration.md) - +#### [Microsoft Cloud App Security integration overview](microsoft-cloud-app-security-integration.md) ### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) @@ -295,7 +296,7 @@ ### Configure Microsoft threat protection integration #### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md) -#### [Enable Microsoft Cloud App Security integration](enable-mcas-integration.md) +#### [Configure Microsoft Cloud App Security integration](microsoft-cloud-app-security-config.md) ### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-mcas-integration.md b/windows/security/threat-protection/windows-defender-atp/enable-mcas-integration.md deleted file mode 100644 index a166f1ab64..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/enable-mcas-integration.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Enable Microsoft Cloud App Security integration -description: Learn how to enable the Microsoft Cloud App Security integration with Windows Defender Advanced Threat Protection -keywords: cloud app security, mcas, endpoint signals, cloud application, cloud services, signals, cloud usage -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -ms.date: 09/03/2018 ---- - -# Enable Microsoft Cloud App Security integration -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - -[!include[Prerelease information](prerelease.md)] - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablemcas-abovefoldlink) - -1. In the navigation pane, select **Preferences setup** > **Advanced features**. - -2. Toggle the **Microsoft Cloud App Security** setting to **On** - -3. Click **Save preferences**. - - - - -## View the report -After approximately an hour, a new report named **Win10 Endpoint Users** will show up in the Cloud App Security cloud discovery dashboard. - -1. Click **Discover > Cloud Discovery dashboard**. - -2. On the top right corner under Continuous Report, select **Win 10 endpoint users**. - -For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/en-us/cloud-app-security/discovered-apps). - -If you are interested in trying Microsoft Cloud App Security, see [Microsoft Cloud App Security Trial](https://signup.microsoft.com/Signup?OfferId=757c4c34-d589-46e4-9579-120bba5c92ed&ali=1). \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md index 5dbdc0f097..f19e0c3444 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md @@ -13,7 +13,12 @@ ms.localizationpriority: high ms.date: 09/03/2018 --- -# Microsoft Cloud App Security configuration +# Configure Microsoft Cloud App Security integration +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + To benefit from Windows Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration in the **Windows Defender ATP Settings** page, under **Advanced features**: @@ -23,7 +28,7 @@ Once activated, Windows Defender ATP will immediately start forwarding discovery ## View the data collected -1. Browse to the [Cloud App Security portal](https://portal.cloudappsecurity.com/). +1. Browse to the [Cloud App Security portal](https://portal.cloudappsecurity.com). 2. Navigate to the Cloud Discovery dashboard. @@ -37,6 +42,11 @@ Notice the new **Machine**s tab that allows you to view the data split to the de ![Cloud discovery](./images/cloud-discovery.png) + +For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/en-us/cloud-app-security/discovered-apps). + +If you are interested in trying Microsoft Cloud App Security, see [Microsoft Cloud App Security Trial](https://signup.microsoft.com/Signup?OfferId=757c4c34-d589-46e4-9579-120bba5c92ed&ali=1). + ## Related topic - [Microsoft Cloud App Security integration](microsoft-cloud-app-security-integration.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md index ae5ec60c91..faf32d6f94 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md @@ -1,5 +1,5 @@ --- -title: Microsoft Cloud App Security integration +title: Microsoft Cloud App Security integration overview description: keywords: search.product: eADQiWindows 10XVcnh @@ -13,9 +13,8 @@ ms.localizationpriority: high ms.date: 09/03/2018 --- -# Microsoft Cloud App Security integration +# Microsoft Cloud App Security integration overview -## Overview [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) gives you visibility into your cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. @@ -27,6 +26,14 @@ Cloud App Security integrates into your eco-system in two places: ![Cloud apps](./images/cloud-apps.png) +Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that helps you keep control of assets through improved visibility over cloud apps that are being used across an organization. Cloud Discovery analyzes network traffic data to provide you with ongoing visibility into cloud use, Shadow IT, and the risk Shadow IT poses into your organization. + +Windows Defender ATP provides one-click integration with Cloud Discovery by forwarding network connection data gathered from onboarded machines and users. These signals are sent to Cloud App Security, giving administrators deeper visibility into cloud usage, including the use of unsanctioned cloud services. + +By leveraging the Windows Defender ATP endpoint network sensor signals, this integration further enhances Cloud App Security visibility into machine related activity and expanding coverage of off-network traffic. + + + ## Related topic -- [Configure Microsoft Cloud App Security](microsoft-cloud-app-security-config.md) \ No newline at end of file +- [Configure Microsoft Cloud App Security integration](microsoft-cloud-app-security-config.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/overview-mcas-integration.md b/windows/security/threat-protection/windows-defender-atp/overview-mcas-integration.md deleted file mode 100644 index d28ca13ee3..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/overview-mcas-integration.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: Overview of Microsoft Cloud App Security integration -description: Understand how Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services -keywords: cloud app security, mcas, endpoint signals, cloud application, cloud services, signals, cloud usage -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -ms.date: 09/03/2018 ---- - -# Overview of Microsoft Cloud App Security integration -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - -[!include[Prerelease information](prerelease.md)] - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-overviewmcas-abovefoldlink) - -Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that helps you keep control of assets through improved visibility over cloud apps that are being used across an organization. Cloud Discovery analyzes network traffic data to provide you with ongoing visibility into cloud use, Shadow IT, and the risk Shadow IT poses into your organization. - -Windows Defender ATP provides one-click integration with Cloud Discovery by forwarding network connection data gathered from onboarded machines and users. These signals are sent to Cloud App Security, giving administrators deeper visibility into cloud usage, including the use of unsanctioned cloud services. - -By leveraging the Windows Defender ATP endpoint network sensor signals, this integration further enhances Cloud App Security visibility into machine related activity and expanding coverage of off-network traffic. - -## Related topic -- [Enable Microsoft Cloud App Security integration](enable-mcas-integration.md) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics.md similarity index 100% rename from windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md rename to windows/security/threat-protection/windows-defender-atp/threat-analytics.md