We are happy to announce that applications that use ports other than 443 can now be protected in real-time using Microsoft Defender for Cloud Apps.
One of the core challenges today for security teams is how to protect data in motion. With many employees working in hybrid environments, protecting data in both managed and unmanaged devices has become a prominent attack vector. Within Microsoft Defender for Cloud Apps, we have a dedicated set of capabilities to help customers with this challenge called real time controls.
Using real time controls, you can protect any business web application in real-time, on managed and unmanaged devices.
Here are some common use cases of how it is used:
Block download of files from OneDrive
Block download of sensitive files from Salesforce to an unmanaged device
Protect copy\cut\print when the end user is out of the corporate network
Block upload of malware to Google Drive
Most web applications use port 443 for client-server communication, but there are some apps that use other ports for a variety of reasons. We have heard the feedback that having the flexibility to choose a port was critical to protecting applications. We are excited to announce that Defender for Cloud Apps now supports applications that use ports outside of 443, now public preview.
To make it even easier for our users, this feature will be available out of the box with no additional configuration required.
How to onboard applications using a non-standard port:
In order to protect an application that uses a non-standard port, the steps are the same to how you would onboard any other web application that leverages real time controls:
Onboard the application for access and session controls (documentation)
Set up a session policy for this specific application based on your business needs (for example, block downloads for unmanaged devices for AppX) (documentation)
As an alternative, add the app to an existing session policy
Once the policy is enabled, all sessions that fall within the criteria will be protected.
Feel free to leave a comment on what your experience with this new capability. We would love to hear any feedback.