Microsoft Defender for Cloud Apps update: November 2021
By Maayan Bar-Niv, Principal Group Program Manager
Organizations are embracing cloud apps to improve productivity and enable the modern, global workforce. This rapid growth requires a modern approach to security and compliance. Microsoft Defender for Cloud Apps, formerly known as Microsoft Cloud App Security, is a comprehensive solution for security and compliance teams enabling users in the organization, local and remote, to safely adopt business applications without compromising productivity.
Last year at Ignite, we shared our vision to create the most complete approach for securing your digital estate and integrating XDR technologies under the Microsoft Defender brand. Unifying Microsoft Cloud Apps Security to the Defender name reflects the integrated security capabilities Microsoft offers across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. Defender for Cloud Apps helps you gain visibility of your deployed cloud apps, discovers shadow IT, and protects your sensitive information. It provides protection against cyber threats, assesses compliance, and manages your security posture across clouds while supporting more cloud-native applications with new capabilities for governance and additional platform visibility.
New app governance capabilities to detect and protect against risky app behaviors App governance is an additional capability available for Microsoft Defender for Cloud Apps that provides additional security and policy management capabilities to monitor and govern app behaviors and quickly identify, alert, and protect from risky behaviors with data, users, and apps. It is designed for OAuth-enabled apps that access Microsoft 365 data via Microsoft Graph API.
Since its public preview announcement on July 14, 2021 app governance has been successfully deployed in several hundred customer environments.
“We had been struggling to get greater visibility across our application landscape for a long time. App governance provides us with deep visibility and insights into how applications are interacting with our O365 data, allowing us to respond quickly to any updates in our application landscape and get a clear picture of our existing applications. The ability to alert on behavioral changes, such as increased traffic flow or permissions is a powerful new addition to our security toolbox.”
Using machine learning models and data access policies, App Governance provides actionable insights via reports, dashboards, and real-time alerts. The integrated experience with Defender for Cloud Apps simplifies management of home-grown Line of Business (LOB) and third-party apps and accelerates deployment, adding value in four ways:
Insights: See a view of all the third-party and LOB apps for the Microsoft 365 platform in your tenant where you can see all the apps’ status and alert activities and react or respond to them. With app governance, gain actionable insights into the behaviors of the apps that are accessing your Microsoft 365 data.
Governance: Create proactive or reactive policies for app and user patterns and behaviors and protect your users from using non-compliant or malicious apps, restricting the access of risky apps to your data. Proactively define and enforce appropriate app behavior with policy-driven guidance that leverages your organization’s security and compliance posture for data access.
Create proactive or reactive policies for app and user patterns and behaviors and protect your users from using non-compliant or malicious apps, restricting the access of risky apps to your data. Proactively define and enforce appropriate app behavior with policy-driven guidance that leverages your organization’s security and compliance posture for data access.
Detection: Receive alerts and notifications when there are anomalies in-app activity and when non-compliant, malicious, or risky apps are used. Detect unusual in-app behavior with machine learning models and address security issues using automated and manual actions.
Remediation: Along with automatic remediation capabilities, use remediation controls in a timely manner to respond to anomalous app activity detections.
“We found a year ago that Graph API was erroneously enabled in Exchange, which opened up vulnerability to previously user consented apps. App governance provided Graph API usage and permissions activity which helped us identify the error. We are now using app governance to help discover, monitor and remediate over-privileged and high privileged apps and use policies to alert on apps posing high-risk levels.”
Integrated XDR capabilities to help protect against advanced attacks Sophisticated adversaries conduct cyber offensive operations that target your attack surface across multiple workloads. As cloud adoption increases, so does the adversary focus on this attack plane, as recent activities have illustrated. To effectively protect against ever-evolving threats, you need to protect across the entire attack kill chain, including cloud apps.
Microsoft Defender for Cloud Apps provides seamless insight and protection to end users without compromising productivity. You can correlate alerts from Defender for Cloud Apps to Microsoft 365 Defender’s XDR incidents, providing a single pane of glass, effectively managing the full attack chain, including your cloud apps. Your security and compliance teams benefit by integrating with your existing ecosystems such as SIEM, XDR, DLP, IdP, and more. Also, advanced hunting in Microsoft 365 Defender includes telemetry from all cloud apps protected by or connected to Defender for Cloud Apps, enabling you to hunt across multiple workloads, including cloud apps.
Organizations can onboard cloud apps with even more safety measures in place As companies seek to do work more efficiently on a true hybrid and remote employee scale, these apps are in high demand and usage across our customers. Customers will gain further visibility to users' activities, and suspicious activity detections. We encourage customers to deploy the new APIs for Slack, OneLogin, SmartSheet, and Zendesk with Defender for Cloud Apps to govern file downloads, PII sharing, and more. Defender for Cloud Apps now also includes security for more than 26,000 cloud applications, covering many major cloud app use cases. The list of apps enabled through Defender for Cloud Apps is continuously updated based on our customers’ needs and feedback. Defender for Cloud Apps will keep you secure and compliant by integrating with the native APIs of an expanding list of widely adopted apps. Defender for Cloud Apps provides security posture assessments of apps, data discovery, classification, and protection as well as advanced threat detection and response capabilities.