Integrate Office 365 Advanced Threat Protection with Microsoft Defender Advanced Threat Protection
Integrating Office 365 ATP with Microsoft Defender ATP can help your security operations team monitor and take action quickly if users' devices are at risk. For example, once integration is enabled, your security operations team will be able to see the devices that are potentially affected by a detected email message, as well as how many recent alerts those devices have in Microsoft Defender ATP.
The following image depicts what the Devices tab looks like have Microsoft Defender ATP integration enabled:
In this example, you can see that the recipients of the detected email message have four devices and one has an alert. Clicking the link for a device opens its page in the Microsoft Defender Security Center (https://securitycenter.windows.com).
Learn more about the Microsoft Defender Security Center (also referred to as the Microsoft Defender ATP portal.)
Your organization must have Office 365 ATP Plan 2 (or Office 365 E5) and Microsoft Defender ATP.
You must be a global administrator or have a security administrator role (such as Security Administrator) assigned in the Security & Compliance Center. (See Permissions in the Security & Compliance Center)
You must have access to both Explorer (or real-time detections) in the Security & Compliance Center and the Microsoft Defender Security Center.
To integrate Office 365 ATP with Microsoft Defender ATP
Integrating Office 365 ATP with Microsoft Defender ATP is set up by using both the Security & Compliance Center AND the Microsoft Defender Security Center.
As a global administrator or a security administrator, go to https://protection.office.com and sign in. (This takes you to the Office 365 Security & Compliance Center.)
In the navigation pane, choose Threat management > Explorer.
In the upper right corner of the screen, choose WDATP Settings.
In the Microsoft Defender ATP connection dialog box, turn on Connect to Windows ATP.
Go to the Microsoft Defender Security Center (https://securitycenter.windows.com).
In the navigation bar, choose Settings. Then, under General, choose Advanced features.
Scroll down to Office 365 Threat Intelligence connection, and turn the connection on.