Getting Started with Microsoft Defender for Cloud Apps
Вставка
- Опубліковано 28 лип 2024
- This time I take a look at getting started with Microsoft Defender for CloudApps which is a critical tool in Microsoft 365 security for not only, discovering shadow IT, but also hunting for anomalies and investigating users and apps. A must if you use tools like Intune and Endpoint Manager. As always if you enjoy the video please hit the like & subscribe buttons. Also, any questions please pop them down below. Please note I've also included Timecodes with this video, so you can jump directly to an area of interest. Enjoy :-)
Please visit my website www.Andymalone.org
Timecodes
00:00 Start
01:50 Demo Begins - Endpoint Manager / Intune
03:01 Discovering Shadow IT - CloudApp Discovery
03:33 CloudApp Catalog & Risk Scoring
07:14 Exploring the CloudApp Discovery dashboard
08:55 Sanctioning / Un-sanctioning Apps
13:23 Investigating & Analysing User & App anomalies
18:06 Controlling Apps using Policies & Templates
21:36 Managing incidents with Power Automations
23:38 Managing Alerts
26:11 Enabling Microsoft Defender for Identity
26:35 Session conclusion - Наука та технологія
![Lp. Последняя Реальность #107 РОДНОЙ ДОМ [Финал] • Майнкрафт](http://i.ytimg.com/vi/IK3QKzKUlHM/mqdefault.jpg)
Clear and crisp explanation without beating around bush. You are awesome :)
Aw thanks so much and great to have you on board 😊
Thank you for the CLEAR and in-depth explanation !
You’re very welcome and thanks for dropping by.😀
I really like to pace of the demo, anyone can easily listen and digest quickly. Very well done.
Thanks so much I really appreciate that👍 and welcome to my channel 😀
Hi Andy, You are one of the best tutor I have ever seen. I am glad that I have found you on youtube. I am getting real benefit in my profession from your resourceful videos. Please carry on helping people
Thanks so much I really appreciate that😊👍
Excellent video, very practical examples. Thanks a lot!
You are welcome, and thanks for dropping by :-)
Favorite comment includes any time you say “this rocks by the way!” Awesome. You Rock Andy! Happy new year!!
Aw thanks and so do you 👏👏😀
Thank you so much. I am learning lot from your channel. You are definitely one of the best instructor.
Aw how kind thanks so much and I’m delighted to have you onboard 👍😊
Thank you Andy for the amazing effort!
Thanks so much for the kind comment, I really appreciate it and great to have you on board
Great video, covered them features in simple and clear way. Thank you!
You’re very welcome 👍
This video is perfect! Thank you much and Congrats!
Thanks Laura for your kind comments. I really appreciate it. I’m delighted also that you’re enjoying my videos. All the best, Andy
Excellent video thank you!
Excellent video. Thank you!!!
You’re very welcome, and thank you👍😊
Hey Andy, That was great content. appreciate ur work.:)
You’re very welcome and it’s great to have you on board.👍
Great insights on MS Defender for cloud apps. Thanks and cheers !!!
My pleasure!
I attended an office365 course and cert about 8 or 9 yeas ago. It changed my life to your teachings and I am now a consultant and specialising in o365 and mdm management. Another great video and thanks for the clean tand precise teaching you deliver
Hi Dan, Aw what a lovely thing to say. I’m delighted to hear a success story like this. Congratulations on your career, I wish you great success and it was an absolute pleasure. Great to have you on board and thanks for the kind comment.👍😊
@@AndyMaloneMVPNo problem at all, and thanks again. i got the interview of a lifetime coming up so refreshing with your videos :)
@@danridgewall3563 the best of luck my friend. Let me know how it goes😊👍
Wow Thank you so much. Great content!
You’re very welcome 🎉👍
Great video, Thank you for sharing.
Thanks for watching!
Excellent knowledge
Thank you so much sir...it is very clear and easy
You are most welcome
Very very useful and nice explanation.
You’re very welcome and thanks for the kind comment.👍😊
Thank You. helped me alot!
Delighted to it👍
Good job , you need to do more indepth MCAS/MDCA. You got this art of making things so simple and comprehensible..
Thanks Jenney for your kind comment, I’ll take a look at that for you in due course. All the best, Andy
great work
Thanks I appreciate that
Love it.
Thank you kindly
Nice!
Thanks
What a great videos. It saved me a lot of time from reading the Microsoft docs.
Great to hear from you and thanks for the nice comment, it’s very much appreciated.
Thankyou Sir
Thank you for the awesome video1 I went through it from beginning to the end and it helped me a lot to understand it. I do have a few questions if I may? (as I don't currently have access to any demo environment to play around to understand)
- What if there are some cloud services that M defender 365 CAN'T DETECT? say, not on their 31000 list. How can Defender do to detect those?
- Is it more for real-time monitoring? But, what if I want to download the data and do some analysis, say, to find out all the (API connection excluded) web traffic and figure out what type of structured data has been transferred during a chosen period of time - is there any module of Defender can help?
Not sure if you'll see these questions, but thanks heaps in advance!
Defender uses AI and machine learning to detect behavioural anomalies. Anything, that wouldn’t look right, would get picked up.
ありがとうございます👏
So much informatorom and so well put! I still have 2 questions though: 1. what’s the difference between discovered apps and cloud app catalog? 2. How can I get a report / export the cloud app catalog? Thank you ☺️
Discovered apps are the result of a collection process. The cloudapp catalog is a database of all vendor apps.
@@AndyMaloneMVP thanks so much! Is there a way to export the cloud app catalog?
A very clear information. Request more lessons from you on security front on M365
You’re very welcome absolutely there’s plenty more coming soon
Great vid, thanks :) Have a question, I presume the Discovery funcationality only picks up apps (shadow IT) used by AAD managed accounts? Or can it discover apps used by other (e.g. private) accounts on a managed endpoint?
Initially Microsoft based on 365 & Azure. But you can connect to MANY 3rd party platforms inc, Google, Amazon, Salesforce etc etc. You can also install connectors on premise to capture an analyse data running on internal apps.
@@AndyMaloneMVP Thank you for the response. So lets say you work on a company device/endpoint, and use your personal Gmail or Dropbox - will mcas block that (based on IP maybe) or does it only block apps where you use work account (via Azure AD)? :) Thanks
Thank you for the overview of this service. I do have a question: How do I integrate the exclusion groups from 365 Defender (ie: facebook) into MSDef for CA --group that is unsanctioned. I am having a difficult time trying to figure this one out. Any help will be appreciated!
Hi Jan, thanks for the question. To be honest I think you better ask this question on the Microsoft tech community. I think he would get a faster response to be honest. My technical support capabilities are limited because of time. The best of luck and thanks again
Thank you for the video. How would Defender for Cloud Apps block users from using certain apps (12:08), especially 3rd party? Is it connected to Endpoint Defender and stops a user from logging in somewhere or how can I imagine this?
You can block any discovered apps via a combination of Defender for cloudapps. docs.microsoft.com/en-us/defender-cloud-apps/governance-discovery
Create video , really thank you . have a question :how do we add exchange and teams to Conditional access app control I add them, but the setup is incorrect asking me all the time to continue setup please help with it, to configure this step, I searched all the internet cannot find the wright way it always asking for SAML file which i don't have experience all what I need is to make a conditional access session access linked to defender for cloud app could I have your email to send you screen shout of my problem .
Yous seems to be a specific question. For this I would recommend that you have a look at the docs.microsoft.com site as I believe all the settings are explained here.
How do we enable this so it shows the Apps, we have turned on the integration under advanced features, but still asks us to create a report and is totally blank compared to your example.
The example that I’m using for my demo has been preloaded with data. The idea of running a report will allow it to collect information on the apps that you are running in your environment. I recommend that you take a look at the getting started guide on toast on microsoft.com. The best of luck and thanks for reaching out.
Good day, Andy. How to delete app from app connector menu?
You can’t. Only block it. Actually as I write this I think you can do it via PowerShell.
how does microsoft casb perform outside of microsoft suite ?
It's fabulous. It looks at all apps, and you can extend its capabilities with connectors to AWS, Google and sooooo many more.
Not getting Cloud discovery dashboard option under Discover
Are you licensed and have the permissions.
Is there a policy to auto fill a username and password into an app, reason ( the app should be control by the admin).
Sorry, not that I know of. Perhaps PowerShell
What license do you need to get this working? When adding the Microsoft Defender for Cloud Apps and adding this license to userr, i still do no see activity (login for exampe) for other users. Only myself. Also my Discover Dashboard is empty. I only have Cloud app catalog.
All users have to be licensed.
@@AndyMaloneMVP They are and I do see them in Users. I have added the license to users that need to be monitored. In your demo the Discover screen shows far more options then mine. What more do I need to do or add to get this working? Thanks.
@@marcelbruijniks4304 the options you see delivery end upon the licence you’re using. In my demo I’m using an E5 & EM&S
Hi @andy do you have any complete course for casb
I have been confused for months with this Microsoft terminology in Defender for Cloud Apps. Why does "sanctioned" mean "allow" and unsanctioned mean "block" in the eyes of Microsoft? I mean we all know what sanctioned and unsanctioned mean but it should be the other way around or I am missing something here
Sanction is a strange choice of terminology because it has opposing meanings. It can mean “to authorize” or it can mean “to impose a penalty for disobeying a law or rule”. In this case, it’s the former.
@@karins.5807 OK thanks...Cheers....
Sarita is the wife of bad😊 neighbour