lfk73
Brass Contributor
Sep 12, 2025

Extract user access to Cloud Apps categories.

I’m having some issues with getting report data out of Defender for Cloud Apps. Short version is I want to get a report (or at the very least an export) of all users accessing sites in the Generative AI category.

I can do this manually by following these steps:

  • Open Cloud Discovery
  • Click Discovered apps
  • Enter Generative AI in the browser by category

I now get a list of discovered sites but to get a list of users who have accessed them I have to:

  • Click each app one at a time
  • In each click Cloud app usage
  • Click Users
  • And finally export all users

Imagine how long this would take for a category that has a high amount of usage and how inefficient this would be to provide monthly reporting.

I tried to find a way to see in one step user activity for one Cloud App category, but I cannot. Any idea?

1 Reply

  • Take this:

    1. Use Cloud Discovery Log Parsing

    • Export the raw Cloud Discovery logs.
    • Filter them externally (e.g., in Excel or Power BI) by:
      • App category = “Generative AI”
      • Extract user identifiers (IP, username, etc.)
    • This gives you a consolidated view of users accessing apps in that category.

    2. Use Microsoft Defender for Endpoint Integration

    • You can create custom Advanced Hunting queries in Microsoft 365 Defender.
    • These queries can target Generative AI app domains and extract user activity across endpoints.
    • This method is more scalable and automatable for monthly reporting.

    3. Tag and Govern Apps

    • Use Activity policies to track access.
    • Set alerts or automated exports based on user activity.
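
A sketch of the Advanced Hunting query that option 2 of the reply describes, added here as an example and not part of the original reply or of any Microsoft-supplied query. The `GenAiDomains` values are constructed placeholders; the real list has to be taken from the apps Cloud Discovery shows under the Generative AI category in your tenant.

```kusto
// Added example: one row per user and destination for Generative AI domains,
// built from Defender for Endpoint network telemetry.
// GenAiDomains is a constructed placeholder list (assumption): replace it with the
// domains of the apps listed under the Generative AI category in Cloud Discovery.
let GenAiDomains = dynamic(["genai-one.example", "genai-two.example"]);
let Lookback = 30d;
DeviceNetworkEvents
| where Timestamp > ago(Lookback)
| where isnotempty(RemoteUrl)
// RemoteUrl may hold a bare host name or a full URL; has_any matches either form.
| where RemoteUrl has_any (GenAiDomains)
// Prefer the UPN, fall back to the account name; rows with neither cannot be
// attributed to a user and are dropped from the report.
| extend User = coalesce(InitiatingProcessAccountUpn, InitiatingProcessAccountName)
| where isnotempty(User)
| summarize Connections = count(),
            Devices     = dcount(DeviceId),
            FirstSeen   = min(Timestamp),
            LastSeen    = max(Timestamp)
          by User, RemoteUrl
| order by User asc, Connections desc
```

The result only covers devices onboarded to Defender for Endpoint, and the domain list has to be kept in step with the Cloud Discovery category by hand.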
