Azure Advanced Threat Protection integration

Applies to: Microsoft Cloud App Security

Microsoft Cloud App Security integrates with Azure Advanced Threat Protection (Azure ATP) to provide user entity behavioral analytics (UEBA) across a hybrid environment - both cloud app and on-premises, for more information, see Tutorial: Investigate risky users For more information about the machine learning and behavioral analytics provided by Azure ATP, see What is Azure ATP?.

Prerequisites

For complete user investigation across a hybrid environment, you must have:

  • A valid license for Azure ATP connected to your Active Directory instance
  • You must be a global admin to enable integration between Azure ATP and Microsoft Cloud App Security
  • If do not have Azure ATP, try it now

Note

If you don't have a subscription for Microsoft Cloud App Security, you will still be able to use the Cloud App Security portal to get Azure ATP insights.

Enable Azure Advanced Threat Protection

To enable Cloud App Security to integrate with Azure ATP:

  1. In Cloud App Security, under the settings cog, select Settings.

    Settings menu

  2. Under Threat Protection, select Azure ATP.

    enable azure advanced threat protection

  3. Select the checkbox to Connect Azure ATP data including alerts and activities with Cloud App Security.

Note

It may take up to 12 hours until the integration takes effect.

After enabling Azure Advanced Threat Protection integration, you'll be able to see on-premises activities for all the users in your organization. You will also get advanced insights on your users that combine alerts and suspicious activities across your cloud and on-prem environments.

Next steps

Control cloud apps with policies

Premier customers can also create a new support request directly in the Premier Portal.