Defender for Cloud Apps
5 Topics

Playbooks with MDCA
I am attempting to integrate MDCA alerts with Freshdesk as per the example at https://learn.microsoft.com/en-us/defender-cloud-apps/flow-integration. I have E5 without Teams licenses. I created the flow, once from playbooks in the MDCA portal and once in Power Automate directly, and went to create a policy to test it out, but the option "Sent to power automate" from the policy is always greyed out. Alerts are not automatically detected in the flow unless the action in the policy is set to send to Power Automate, which again is greyed out as an option in the policies. Also, the playbooks tab in the MDCA portal does not show the flows I created before. It shows empty. It seems the link is broken between MDCA and Power Automate. Any reason for this? Any idea about this? Thanks in advance.

Using Microsoft Defender for Cloud Apps to block apps on managed devices.
Greetings, I have been tasked to work with Microsoft Defender for Cloud Apps and to block the usage of the Firefox browser on all endpoints within my estate apart from a few users who require it. I have tried the unsanctioned app feature. This only displays a warning prompt, but users can still proceed with using and interacting with the application. We have already configured web content filtering and it works fine. I already looked up other articles relating to downloading a block script, but that applies to other security appliances such as firewalls, which we don't want to get into. Is there a convenient way to block certain apps' usage by solely using Microsoft Defender for Cloud Apps, or is this platform only used for monitoring purposes and cannot really block the app by unsanctioning it?
1.3K Views, 1 like, 4 Comments

Only browser activities can be found in Activity Log for Conditional Access App control App
We have added Deskbird into Microsoft Defender for Cloud Apps via an Entra ID CA policy, and it is now listed in MDCA - Cloud apps - Activity log. However, we found that only the activities via web browser were logged; the activities triggered from mobile apps are not. But those activities can be found in the Sign-in Logs from the Azure enterprise application portal. How do we make MDCA receive all activities, including both browser and app? We want to set up an access control policy; without visibility into mobile app activities, the policy can't cover all scenarios.
677 Views, 0 likes, 2 Comments

SharePoint site security configurations for Defender Cloud Apps Admin Quarantine Feature
Referring to Microsoft's official documentation below, which is very high-level, has anyone done, or would anyone recommend, hardening or applying security measures to secure the SharePoint site dedicated to the "Admin Quarantine" purpose? It shouldn't be just as simple as creating a separate site and setting it in the Defender portal, as this should not be exposed to the rest of the organization, in my view. Shouldn't we, at a minimum, restrict the permissions of the site? Official reference - Protect files with admin quarantine - Microsoft Defender for Cloud Apps | Microsoft Learn. Any ideas are greatly appreciated! Thank you!

New blog post | Container Security with Microsoft Defender for Cloud
In recent years, containerization has become a popular approach to application deployment and management. Containers enable developers to build more quickly and efficiently in the cloud by offering a convenient and streamlined way to package applications and their dependencies. While lightweight and portable, containerized environments introduce new attack vectors and risks such as runtime vulnerabilities, configuration errors and lateral movement between containers. Ensuring the security of containerized environments requires a comprehensive approach that involves multiple layers of security and continuous monitoring such as consistent vulnerability scanning and threat detection.

Container Security in Microsoft Defender for Cloud