Event banner
Event details
72 Comments
- Trevor_Rusher
Community Manager
Thank you all for joining our AMA today! We appreciate all the great questions and hope you learned something new. I'll be locking this event to new questions but you should always be able to see all the questions and answers here on this page. If you have more questions related to Defender for Cloud Apps or SaaS Security feel free to check out the Defender for Cloud Apps Discussion Space here on Tech Community.
Also please stay tuned for our next AMA here on the SCI Tech Community Event Space!
- Thanks to all!
- One additional I've been curious on, if this has been brought up internally. Has there been any appetite to look into expanding the integration between MDE and MDCA to facilitate more insightful forward-proxy like capability. As in enhance the web content filtering, network protection, and cloud discovery capabilities to open up more of forward-proxy solution? I ask because if this were expanded to something like what a Zscaler or Netskope can offer than customers could look at consolidation capabilities and enhanced data within the M365 Defender ecosystem. Has there been any chatter on something like that?
- WendyLiu
Microsoft
For those that want to learn more about MDA, check out more resources below.
- SaaS Security announcement: Microsoft shifts to a comprehensive SaaS security solution - Microsoft Security Blog
- Joint blog post on SaaS Security Posture Management (SSPM) and app hygiene: Improve your app posture and hygiene using Microsoft Defender for Cloud Apps
- Ninja training on MDA: http://aka.ms/MDCANinjaTraining
- Ninja show, part 1: Microsoft Defender for Cloud Apps Overview
- Ninja show, part 2: Microsoft Defender for Cloud Apps deep dive
- The Customer Connection Program introduces a community for already deployed customers to get more information on upcoming features, roadmap discussions, community calls, webinars, content under NDA, etc. Link to sign up: aka.ms/joinccp
- Nir HendlerFor suggesting features and getting other customers upvote existing suggestions, please go to: https://aka.ms/m365defender/feedback
- We have sensitivity label colors set in Purview but they do not show in documents. Are there any prerequisites that we may be missing for them to show in O365 documents?
- Nir HendlerHey Grant, Label colors can refer to watermarks (which have no prerequisites) and for the actual label color (the label you select from the menu), For that you should use latest releases of Microsoft 365 apps that support that or the latest version of AIP Client.
- Is there a roadmap published for MDCA? I know the release notes page.. but anything forward looking or a Defender roadmap like M365?
- Caroline_LeeHi Nico, great question. Are you a part of our Customer Connection Program (CCP)? The Customer Connection Program introduces a community for already deployed customers to get more information on: Upcoming features Roadmap discussions Community calls Webinars Content under NDA. You can join via this link: aka.ms/joinccp If you have any other questions regarding roadmap, feel free to DM me.
- Also for partners?
- are there other ways (other than sensitivity label access) in which either sensitivity label or retention labels or their respective policies in the compliance portal have overlap with MDCA capabilities / App gov add on capabilities?
- Keith_Fleming
Hi Nico, App governance can provide capabilities to see if sensitive content is being accessed.
Defender for Cloud Apps inline and file policies along with Purview have capabilities to apply labels in specific scenarios. We have a blog that discussed these different use cases here.
Please let us know if that answers your question.
- Re labelling, wouldn't we use Purview as a preferred option?
- Dan MichelsonThanks, Tanya. If you got the features you need in Purview to achieve your labelling goal, Purview should be your preferred option. For the cases where Purview is not covering your need, please share your needs with us, here or DM me. If MDCA covers the need, use it but also share the feedback with us. In general, we are thinking of ways to unify the experience so you'll not need to "choose". Please share your thoughts.
- A particular instance is, might be, where I deal with a client and their organisation might hold 1Peta-byte of data, and there is limited tagging/classification or labelling, SPO is not in use. The organisation are running a hybrid model running apps and data on premises and in Azure. Let's say that the initial budget will influence the mechanism for first of all cleansing the data. Let's say as the data architect in this instance, considers a mass data move, onto Azure and let's leave the apps for this discussion. As being a data driven organisation is key for this organisation. The Apps can wait. Some data is actually static - so there is this to consider too. In order to start classifying the data, labelling the data - what would be the first part of the strategy. The data is highly secure and if leaked onto the public domain would be catastrophic, not from a PCIDSS perspective, more from a personal security issue. In this instance, Blobs and containers won't suffice, given the mass data farm moves required from off premises DC's to Azure. How can this be managed well, would Azure Fuel Sync be adequate, it's difficult to understand, due to the options available, which options fit the clients needs, to get the basics right, to then set the security wrappers to ensure best practices are adopted.
- We have MDE in passive mode - Can we Unsanction applications at the firewall and provide temporary exceptions to users who may have a business need
- Yoann_David_MalletHi Abdul, As of now, Defender for CLoud Apps will receive some data from clients in Passive mode, however, it is not possible to block unsanctionned apps at the MDE level when in passive mode. If you are using a third party firewall, you can still export a block script to block unsanctioned apps at the firewall level. Finally, when it comes to exceptions, if you intend to block apps using MDE, as of today, we can grant exceptions at the machine level, but not yet at the user level.
- Do the block script take into consideration the exceptions applied to unsanctioned apps through scoped profiles
- What are the benefits of integrating Microsoft Defender for Identity and Azure Identity Protection with MDCA? What capabilities will we lose if decided not to integrate these? Also it would be great if you can provide test cases to test the above two within MDCA. Thanks
Yulia_ZhurbinskyThank you, Abdul, for your question! The native integration of Microsoft Defender for Cloud Apps into Microsoft 365 Defender provides a power to provide the best protection to you from threats aiming at your cloud applications. This experience is now in public preview. This integration provides the security teams a central XDR experience that correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities. You can learn more in this blog https://www.microsoft.com/en-us/security/blog/2023/02/15/microsoft-shifts-to-a-comprehensive-saas-security-solution/ and our documentation https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-worldwide- Thank you, I was referring to integration with Microsoft Defender for Identity and Azure Identity Protection
