Microsoft Defender for Cloud Apps-Describe security, compliance, privacy, and trust in Microsoft 365

Microsoft Defender for Cloud Apps is a cloud access security broker (CASB), essentially an intermediary between Microsoft 365 cloud users and the cloud-based Software as a Service (SaaS) apps they run. Like the other Defender products, the administrative interface for Defender for Cloud Apps has been integrated into the Microsoft 365 Defender portal.

Defender for Cloud Apps monitors the apps the network users are accessing to ensure that the apps are authorized and used safely. The product includes the main features shown in Figure 3-23:

FIGURE 3-23 Microsoft Defender for Cloud Apps features

  • Cloud app discovery Defender for Cloud Apps uses network traffic analysis and other techniques to perform a pattern search in the Microsoft cloud app catalog of 25,000 applications. After identifying all of the cloud apps being used on the network, Defender then assesses each app as a potential threat based on more than 90 risk factors and displays the resulting information in a dashboard like the one shown in Figure 3-24. Administrators can selectively sanction the apps they want users to access while desanctioning those they do not.

FIGURE 3-24 The Cloud Discovery dashboard in the Microsoft 365 Defender portal

  • SaaS security posture management Every SaaS app is different, and administrators often cannot practically learn the configuration peculiarities of dozens or hundreds of sanctioned apps. Defender for Cloud Apps, using the information in the cloud app library, compares the best practices for each app with its current configuration settings and generates recommendations for revised settings and actions. Defender for Cloud Apps supports using APIs supplied by the cloud application providers for sanctioned applications. These APIs enable Defender to function as an intermediary between cloud applications and the enterprise’s users, as shown in Figure 3-25, by accessing activity logs, user accounts, and data sources. Defender for Cloud Apps can then use this information to monitor usage, enforce policies, and detect threats.

FIGURE 3-25 Interactions of Defender for Cloud Apps with an enterprise network and cloud applications

  • Information protection Defender for Cloud Apps is integrated into the Microsoft 365 Data Loss Protection (DLP) engine, which enables Defender to scan cloud apps for sensitive data, log its location and who is accessing it, and take actions such as applying a label or even blocking user access.
  • Continuous threat protection As noted earlier, Defender for Cloud Apps is integrated into Microsoft 365 Defender, which makes it part of the high-level Microsoft 365 security posture, continuously monitoring cloud app alerts and integrating them into the enterprise attack investigations.
  • App-to-app protection Open Authorization (OAuth) is a standard that enables one app to access information on another app on a user’s behalf. This is naturally a security concern, and Defender for Cloud Apps can add help by adding protection to the app-to-app communications with application governance. Application governance takes the form of policies that determine how apps communicate with each other, as well as actions and alerts that can remediate problem situations.

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.