Microsoft Cloud
The Microsoft Cloud integration allows you to enable integrations with the following Microsoft cloud applications:
- Microsoft Defender for Office 365
- Microsoft Defender for Endpoint
Microsoft Cloud integrations allow Cisco XDR users to leverage several Microsoft products that make use of the Microsoft Cloud APIs. This combined integration allows you to manage and maintain one set of Microsoft cloud credentials across many individual product integrations between Cisco XDR and Microsoft products. Add your Microsoft cloud credentials, then add at least one of the following Microsoft security applications that you want to configure to use those credentials:
- Microsoft Defender for Office 365 - Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against advanced threats delivered via email and collaboration tools, such as phishing, business email compromise, and malware attacks. In Cisco XDR, we enable Defender for Office 365 users to include Defender for Office 365 detections in overall incident detection, and to leverage email intelligence and detections while performing incident investigations and threat hunting.
Integration with Microsoft Defender for Office 365 allows you to incorporate Microsoft Defender for Office 365 detections into XDR's overall incident detection and correlation capabilities. Use the Microsoft Defender for Office 365 integration to search for security detections and the associated indicators, reputations, and references involving specified email addresses, URLs, email subjects, message IDs, IPs, domains, or file hashes. It also automatically creates a target in Automation for out-of-box workflows.
- Microsoft Defender for Endpoint - Microsoft Defender for Endpoint is an Endpoint Detection and Response (EDR) offering. Microsoft Defender for Endpoint security events can generate and contribute to correlated incidents in Cisco XDR. In Cisco XDR, we enable Defender for Endpoint users to leverage it for incident detection, threat hunting and investigation features, rapid response actions to understand and defend against threats on the endpoint, and important device inventory context to help triage detected threats.
Integration with Microsoft Defender for Endpoint allows you to incorporate Microsoft Defender for Endpoint detections into XDR's overall incident detection and correlation capabilities. Use the Defender for Endpoint integration to search for security detections involving specific hostnames, machine IDs, IPs, and file hashes. Through Cisco XDR, Defender for Endpoint can be used to isolate hosts from the network and to block many types of observables, including file hashes, network resources (such as IP addresses, domains, and URLs), and certificates. The integration can also provide host information, including vulnerability information, for use in triaging incidents and detections. It automatically creates a target in Automation for out-of-box workflows and provides important device inventory context to help triage detected threats.
The Microsoft Cloud integration itself has no capabilities of its own; the applications configured under it do. See each application's details for more information about its capabilities.