App Discovery - application criteria


Does anyone know if there are documented criteria that define an application in the context of Cloud App Discovery - i.e. what criteria does the app have to meet to be defined as an app, which in turn means it shows up in the discovered apps list?

 

An example of why I ask. I tested uploading data to Datto Workspace and within a few hours, Datto Workspace showed up as a new discovered app. I've then set up 'Synology Drive' on my NAS at home, which has a public DNS record, uses TLS and is arguably no different to Datto Workspace in the sense that I can log on and upload data. The difference is, this has not shown up as a discovered app in MCAS. MCAS has no record of the 6 GB of test data that I uploaded to the NAS.

 

Keen for any thoughts/advice.

 

Thanks

Darren

1 Reply
Generally, it has to be a website into which you can log in. Your local NAS traffic is not SaaS because it is not internet-delivered.

Keep in mind the cloud app discovery as a CASB feature is quite simple. There is a list of apps and the URLs of which they consist (our Cloud App Catalog has this info under the domains property of each app). When web log data comes in via MDE, log collector, etc., the URL is checked against the list and if it is traffic to an "app" then the app usage data gets incremented with the new bit of log data: user, URL, bytes tx, bytes rx, etc.

If you define your own app(s) in cloud app discovery, you can discover any web-based app you want though. It doesn't matter whether it is a local network URL or an internet URL.

https://docs.microsoft.com/en-us/defender-cloud-apps/cloud-discovery-custom-apps
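
A simplified model of the catalog matching described in the reply, as an added example that is not part of the thread and not Microsoft's implementation. The catalog entry, domains, log records and the subdomain-suffix matching rule are all constructed assumptions; it shows why traffic to a host with no catalog entry is never counted as an app, and how defining a custom app changes that.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalog (app name -> domains); real catalog entries differ.
CATALOG = {"Datto Workspace": ["workspace.saas-vendor.example"]}

# Constructed web log records: (user, url, bytes_tx, bytes_rx)
LOGS = [
    ("darren", "https://workspace.saas-vendor.example/upload", 5_000_000, 1_200),
    ("darren", "https://nas.home.example:5001/drive/upload", 6_000_000_000, 4_000),
    ("alice", "https://eu.workspace.saas-vendor.example/files", 2_000, 90_000),
]

def match_app(host, catalog):
    """Return the app owning host. Assumption: a catalog domain also covers
    its subdomains, and the longest matching domain wins."""
    host = host.lower().rstrip(".")
    best = None
    for app, domains in catalog.items():
        for d in (x.lower() for x in domains):
            if (host == d or host.endswith("." + d)) and (best is None or len(d) > len(best[1])):
                best = (app, d)
    return best[0] if best else None

def discover(logs, catalog):
    """Aggregate usage per matched app; hosts with no catalog match are kept apart."""
    usage = defaultdict(lambda: {"users": set(), "tx": 0, "rx": 0, "events": 0})
    unmatched = defaultdict(int)
    for user, url, tx, rx in logs:
        host = urlsplit(url).hostname or ""
        app = match_app(host, catalog)
        if app is None:
            unmatched[host] += tx + rx  # seen in the logs, but never an "app"
            continue
        rec = usage[app]
        rec["users"].add(user)
        rec["tx"] += tx
        rec["rx"] += rx
        rec["events"] += 1
    return dict(usage), dict(unmatched)

def with_custom_app(catalog, name, domains):
    """Return a copy of the catalog with a user-defined app added."""
    return {**catalog, name: list(domains)}

if __name__ == "__main__":
    print(discover(LOGS, CATALOG))
    print(discover(LOGS, with_custom_app(CATALOG, "Synology Drive", ["nas.home.example"])))
```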