One of the benefits of using security solutions in the Microsoft Cloud is that they integrate together, quickly and easily. If you are using Microsoft Defender for Endpoint then signals from this can be shared with the Microsoft 365 Threat environment.
To enable this integration navigate to the Office 365 Security & Compliance portal. Expand the Threat Management option from the menu on the left. Then select Explorer from the options that appear. Finally, in the right hand pane scroll to the right until you locate the WDATP Settings hyperlink as shown above, and select it.
Ensure the Connect to Windows ATP is set to On, typically it is off by default.
In the Microsoft Defender Security center navigate to Settings. Select the Advanced features option from the menu on the left. Ensure the Office 365 Threat Intelligence connection is set to On.
Once done, your systems are integrated and will now share information between them. This will make identifying threats much easier because now:
- You will be able to view device details and Microsoft Defender for Endpoint alerts from the Threat Explorer.
- Microsoft Defender for Endpoint will be able to query Microsoft 365 for email data in your organization and show links back to filtered views in the Threat Explorer.
CIAOPS 