Latest Discussions
Cloud Discovery policy - Governance action - Scoped profile missing
Hi everyone, I wanted to create a Cloud Discovery policy that automatically tags as unsanctioned some applications but only for a scoped profile. When tagging cloud applications manually, it's possible to scope it to a profile: However, this option doesn't exist in the governance actions section: Is there any other way to create policies that can tag but only for a device group/scoped profile? Cheers,
MatheoBt | Dec 11, 2024 | Copper Contributor | 23 Views | 0 likes | 0 Comments

Admin Quarantine Location on Defender for Cloud Apps keeps going blank
Hi, I am facing an issue where when I select a file location for admin quarantine on Defender for Cloud Apps, that file path just vanishes away the next day and it comes up as a blank location. I tried changing the SharePoint site multiple times but it still goes blank after a day. Has anybody encountered this lately?
AbhinavK1660 | Oct 04, 2024 | Copper Contributor | 177 Views | 0 likes | 0 Comments

New Blog | Introducing the new File Integrity Monitoring with Defender for Endpoint integration
By Gal Fenigshtein

As part of the Log Analytics agent deprecation, Defender for Servers has introduced a new simplification strategy aiming at significantly simplifying the onboarding process and requirements needed to protect servers in the cloud, while enhancing existing capabilities and adding new ones. According to this strategy, all Defender for Servers capabilities are provided over Defender for Endpoint or cloud-native capabilities and agentless scanning for VMs, without relying on either Log Analytics Agent (MMA) or Azure Monitor Agent (AMA).

This hybrid approach combines the strengths of agent-based and agentless protection, offering multi-layered security for servers. While the agent provides in-depth security and real-time detection and response, agentless and cloud-native capabilities deliver enhanced coverage, full visibility within hours, with no performance impact on machines. Security findings from both agent-based and agentless approaches are seamlessly integrated in Defender for Cloud, tailored to protect servers in multicloud environments.

Read the full post here: Introducing the new File Integrity Monitoring with Defender for Endpoint integration
DavidFernandes | Sep 27, 2024 | Microsoft | 379 Views | 0 likes | 0 Comments

Blocking download of a file in SharePoint with a specific label
Hello Everyone, I have a SharePoint site with many files, there are a few files I have labeled as "Internal", "client" and "Important". I want to block the download of files that have the "Important" label. I have created the session policy in Defender for Cloud Apps using conditional access app control. However, the policy is not taking effect. In the conditional access policy, I have selected the app as SharePoint Online and in session control I have selected "Use custom Policy". Below is the DCA session policy. Kindly advise. Thank you
Afsar_Shariff | Sep 09, 2024 | Brass Contributor | 283 Views | 0 likes | 0 Comments

New Blog Post: Securing Multi-Cloud Gen AI workloads using Azure Native Solutions
Note: This series is part of “Security using Azure Native services” series and assumes that you are leveraging, or planning to leverage, Defender for Cloud, Defender XDR Portal, and Azure Sentinel.

Introduction

AI Based Technology introduces a new set of security risks that may not be comprehensively covered by existing risk management frameworks. Based on our experience, customers often only consider the risks related to the Gen AI models like OpenAI or Anthropic, thereby not taking a holistic approach that covers all aspects of the workload.

This article will help you:
- Understand a typical multi-cloud Gen AI workload pattern
- Articulate the technical risks that exist in the AI workload
- Recommend security controls leveraging Azure Native services

We will not cover Data Security (cryptography, regulatory implications etc.), model specific issues like Hallucinations, deepfakes, privacy, toxicity, societal bias, supply chain security, attacks that leverage Gen AI capabilities to manifest such as Disinformation, Deepfakes, Financial Fraud etc. Instead, we aim to provide guidance on architectural security controls that will enable secure:
- Configuration of AI workload
- Operation of the workload

This is a two-part series:
- Part 1: Provides a framework to understand the threats related to Gen AI workloads holistically and an easy reference to the native security solutions that help mitigate. We also provide sample controls using leading industry frameworks.
- Part 2: Will dive deeper into the AI shared responsibility model and how that overlaps with your design choices

Threat Landscape

Let’s discuss some common threats:
- Insider abuse: An insider (human or machine) sending sensitive / proprietary information to a third party GenAI model
- Supply chain poisoning: Compromise of a third-party GenAI model (whether this is a SaaS or binary LLM models developed by third party and downloaded by your organization)
- System abuse: Manipulating the model prompts to mislead the end user of the model
- Over privilege: Granting unrestricted permissions and capability to the model thereby allowing the model to perform unintentional actions
- Data theft/exfiltration: Intentional or unintentional exfiltration of the proprietary models, prompts, and model outputs
- Insecure configuration: Not following the leading practices when architecting and operating your AI workload
- Model poisoning: Tampering with the model itself to affect the desired behavior of the model
- Denial of Service: Impacting the performance of the model with resource intensive operations

We will discuss how these threats apply in a common architecture.

Reference architecture

Fig. Gen-AI cloud native workload

Let’s discuss each step so we can construct a layered defense:
1. Assuming you are following cloud native architecture patterns, your developer will publish all the application and infrastructure code in an Azure DevOps repo
2. The DevOps pipeline will then create a container image
3. Pipeline will also set up respective API endpoints in Azure API management
4. Pipeline will deploy the image with Kubernetes manifests (note that the secrets will be stored out of band in Azure Key Vault)
5. User accesses an application that leverages GenAI (Open AI for Azure and Anthropic in AWS)
6. Depending on the API endpoint requested, APIM will direct the request to the containerized application running in cloud native Kubernetes platforms (AKS or EKS)
7. The application uses API credentials stored in KeyVault
8. The application makes requests to appropriate Gen AI service
9. The results are stored in a storage service and are reported back to the user who initiated step 5 above
10. Each cloud native service stores the diagnostic logs in a centralized Log Analytics Workspace (LAW)
11. Azure Sentinel is enabled on the LAW

For the full post click here: Securing Multi-Cloud Gen AI workloads using Azure Native Solutions - Microsoft Community Hub
TonyOPS | Aug 22, 2024 | Microsoft | 319 Views | 0 likes | 0 Comments

Defender Cloud apps custom tag limits
Hello, I am currently configuring Defender for Cloud Apps policies and have a requirement to create custom app tags. The requirement is 15 custom tags in total. I am doing this through Defender > Settings > Cloud apps > App Tags. I have added 10 (bringing the total to 13 with the existing (Sanctioned, Unsanctioned and Monitored)) without issue and used them in the relevant policies. When I have come to add the next custom tag using the Add app Tag option, this is greyed out and will not let me add it. Please can someone advise if this is a known limitation and there is a maximum number of custom tags? Is there a PowerShell method for custom tag creation/management? Additionally, if anyone can point me to a KB on this, please? Thank you
AA_1234 | Jul 16, 2024 | Copper Contributor | 278 Views | 0 likes | 0 Comments

Session Management via Defender for Cloud Apps
Hi, We are testing the conditional access functionality in Defender for Cloud Apps. One of our use cases is to be able to sign out users from all active SSO sessions; it appears that this is only possible for Microsoft apps. Is there a way for us to be able to get users kicked out of all active sessions, i.e. Workday, Slack, ServiceNow or other SSO enabled applications? During our testing it seems that this is not possible from any Microsoft resources such as Entra, Intune, or Defender.
sa7234 | Jun 03, 2024 | Copper Contributor | 304 Views | 0 likes | 0 Comments

Remove sensitivity label in Defender for Cloud Apps
One of the Governance Actions in File Policies for Defender for Cloud Apps is "Remove sensitivity label". However, it seems that the policy does just nothing - it doesn’t remove the label either with or without protection. So, what does it do and under what circumstances? Any experience on that?
Red Flag | May 29, 2024 | Iron Contributor | 309 Views | 0 likes | 0 Comments