SharePoint Stuff

Microsoft Cloud App Security (MCAS) Q&A

Written by Luke Smith. Posted in Microsoft

Q: How quick can the MACS log collector ingest data
A 50GB\hr, main limitations are bandwidth and processing can be overcome by increasing the compute\bandwidth\adding more collectors
Q: What happens is the MCAS log collector can’t process the data quick enough
A: Data is dropped (DD to confirm), adding more collectors are recommended
Q: Do you need a MCAS log collector per device
A: no can use the same one
Q: Can I add more MCAS log collectors
A: Yes (DD to confirm if they can be load balanced, I think they can but couldn’t find an article
Q: What do I need to do to protect my end users when using the MCAS Proxy
A: Need devices to be Azure AD Joined, as it uses conditional access
Q: Does the MCAS proxy work with non-Windows 10 devices
A: Yes using conditional access from MDM for macOS, Android and iOS – Windows 8.1 or below TBC
Q: If the details of a cloud vendor is in correct how can these be updated
A: Microsoft Support Request from the portal
Q: Do you need to license every user for MCAS to view the activity
A: Not for proxy\firewall logs
Q: Do you need to licenses every user for MCAS is you need to control access using the proxy
A: Yes
Q: Can we create our own application and vendor onlinecasinogo classification
Q: Can we integrate MCAS with a SIEM
A: Yes
Q: Can we integrate MCAS and ATP (Defender and Office 365) together
Q: Can we integrate AIP with MAS
A: Yes

Useful Links:

Windows Defender Advanced Threat Protection (WDATP) Q&A

Written by Luke Smith. Posted in Microsoft

Q:Can you configure Defender ATP to use additional or different security threat feeds such as: FireEye, LookingGlass, Infoblox, SecureWorks, RSA, McAfee, Customer prebuilt feed)
Q: Are you able to block particular MD5\applications
A: You can create custom IOC’s and TI;s using API or PS (
Q Can you define automatic custom isolation and block rules (based on MD5 and application names)
Q: Can you Change the ratings of the existing threat categories?
A: Only for the custom Indicators of Compromise IOC’s or Threat Intelligence TI’s
Q:Can you Integrate with other SIEMs\SOCs
A: Currently only HP and splunk
Q: Can Defender ATP Integrate with third-party CMDBs
A: AD using AD connect – TBc for third-parties such as SCCM\LANDesk
Q: Can Windows Defender ATP integrate with Office ATP
A: Yes, WDATP and O365ATP can be integrated and needs enabling as per the following: and
Q: Can Defender ATP work with older versions of Windows below online casinos 8.1?
A: No, but does work with Windows Server 2012R2 and above
Q: Can Defender ATP work with non-windows based machines
A: Yes, requires Bitdefender and can run on macOS, Linux, iOS and Android: (Other third-parties such as Lookout and Ziften will be added Nov 2017)
Q: Can Defender integrate with Cloud App Security?
Q: How can I test Defender ATP
A: see: – text file containing remove the <>
A: once configured and also run:
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile(‘’, ‘C:\test-WDATP-test\invoice.exe’);Start-Process ‘C:\test-WDATP-test\invoice.exe’

Useful Links:
Windows Defender Advanced Threat Protection – Ransomware response playbook