Connection error in App Connectors
Hi There, I'm trying to setup a Conditional Access App control policy in my tenant using MCAS and I'm unable to do so because I'm constantly receiving this connection error ( see screenshot below) for Microsoft 365. I'm not sure what I'm doing wrong and what's wrong with my tenant but I'm unable to get rid of this error. Any help would be highly appreciated. I have a Microsoft 365 E5 license in my tenant and all the users have been given the same license. Because of this error I'm not able to onboard the Microsoft 365 app to Conditional Access App control and hence when I got to the policy management to create an access policy or session policy I end up getting the below mentioned error.
Microsoft Defender for Cloud Apps evaluation
Hi all, I'm currently playing with Cloud Apps. I would like to block Virus Total (for testing purpose). From the Dashboard, I can see all the discovered applications for a specific device. I tagged VirusTotal application as Unsanctioned but the application (accessed using a web browser) is never blocked... PS: I have Microsoft Defender for Business license PS: I enabled Microsoft Defender for Apps in Settings -> Endpoint -> Advanded Features -> ON (Microsoft Defender for Cloud Apps). Any idea ?? Regards, HA
About block download files from app with defender for cloud apps
Hi All, I have a requirement to prevent Android devices from downloading files, I checked the session control using condition access and the session policy using Defender for Clouds. I successfully blocked the M365 service on the broswer from download files, but the M365 app on mobile device was unable to block it. I thought the access policy could block it, but it had no effect at all. May I ask if there is a method error? Or is there another way? Thanks.
Editing 'Risky sign-in' policy in Microsoft Defender for Cloud Apps
Hi Guys, I wonder if I can edit the 'Risky sign-in' policy in Microsoft Defender for Cloud Apps, It looks like I can only edit the 'Trigger alerts with a minimum severity of'. I am trying to exclude certain IP, so I won't get alert when someone is logging in from it. I already added this IP to the whitelist option in 'Tag as a Corporate IP and add to whitelist', but I still get alerts when there is any activity from this IP. Thank you for your help.
Survey: Share feedback on Cloud App Catalog Sub-services
We need your feedback! Today, MDA cloud app catalog contains entries for SaaS apps like Jira and their risk information. I want to meet with a few customers to understand if they need entry for sub-services of these SaaS apps like Jira for Teams, Jira for Slack etc. For this, I want to get customers feedback on the following questions: a. Do you assess an app before connecting to another SaaS app? If so, how do you assess it before approving / consenting to usage? b. What common security, compliance and legal attributes do you evaluate before connecting to an app? Do you want to influence the product design by providing your feedback, insights, and recommendations for improvement? We'd love to hear from you in this survey! We need your input to enhance our product and make it even more valuable for you. Your opinion matters! Your valuable insights will directly influence our product development decisions. Thank you for being an engaged customer and for helping us in our journey to deliver the best user experience possible. Survey Link Click Here!
New blog post | Microsoft Defender for APIs enriches Defender CSPM capabilities
We are excited to unveil the integration of (Preview) and Defender CSPM in the Microsoft Defender for Cloud (MDC) to provide contextual API security findings and guide prioritized remediation. Microsoft Defender for APIs, announced at RSA 2023, is the latest addition to our lineup of robust Defender plans in Microsoft Defender for Cloud. Defender for APIs helps organizations' business-critical APIs managed by Azure API Management with a holistic approach to prevent, detect and respond to API security threats with integrated cloud security context. Microsoft Defender for APIs enriches Defender CSPM capabilities. - Microsoft Community HubHow to use Defender for Cloud App with cost optimization for both environment ( Dev and Prod )
Hi All, I have two subscriptions 1. Development and 2. Production. In the Dev subscription, I have a lot of resources like about 20 storage accounts and 12 app service plans and 4 Azure SQL and etc. As you know, Defender for Cloud is subscription level, therefor If I enable it on a Dev subscription the cost should be more expensive. But in the Prod environment, I will enable Defender for Prod's resources. Now, I want to know how can I use Defender for Dev's resources with minimum cost or what's the best solution or best practice for this issue. My idea is to use Prod security recommendations for the same resources in the Dev environment. Is there another idea?
New Blog Post | Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis
Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis - Microsoft Community Hub Our previous blogs “A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud,” and "Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub" emphasized the importance of proactive security posture management and outlined a successful organizational structure for security teams. As a follow up article here we walk you through the scenarios how to identify and mitigate the biggest security risk issues while distinguishing them from less risky issues. Cloud environments are dynamically changing and to support rapidly changing threat and business environments in near real time, security teams need to act rapidly and effectively to mitigate risks and protect sensitive data and critical systems. Though cloud security solutions detect vulnerabilities and misconfigurations, growing number of assets can mean hundreds or thousands of security recommendations, overwhelming the security professionals to remediate the risks. By using Microsoft Defender for Cloud Attack Path Analysis, organizations can gain a better understanding of the potential attack paths that an attacker may take to compromise their cloud environment. This enables security professionals to prioritize risk remediation efforts and focus their resources on the most critical vulnerabilities and risks, to improve their overall security posture. To understand the prerequisites to Identify and remediate attack paths, visit: Identify and remediate attack paths - Defender for Cloud | Microsoft Learn Security administrators can use attack path analysis for risk remediation by following these steps: Identify the Attack Paths: The first step is to identify the attack paths that an attacker might take to exploit vulnerabilities in the system. This includes mapping out the various components of the system, identifying the entry points, and analyzing the potential paths that an attacker might take. Analyze the Risks: After identifying the attack paths, the next step is to analyze the risks associated with each path. This includes evaluating the likelihood and impact of a successful attack and identifying the potential consequences for the organization. Prioritize Remediation Efforts: Based on the analysis of the risks, security administrators should prioritize their remediation efforts. This includes focusing on the most critical vulnerabilities and attack paths that present the greatest risk to the organization. Develop and Implement Mitigation Strategies: After prioritizing remediation efforts, security administrators should develop and implement mitigation strategies to address the identified vulnerabilities and attack paths. Test and Monitor: After implementing mitigation strategies, it is important to monitor the system to ensure that the vulnerabilities have been addressed and the attack paths have been closed. Security administrators need to proactively use the Attack Paths to ensure all critical paths are remediatedDefender for Cloud Apps Outdated Browsers - Wrong User Agent String
Hi, I have been creating Activity Policies to detect logins from outdated browsers. Frustratingly, users who I know have up to date browsers installed, are still being detected by the policy for running the likes of Chrome 96 and Edge 18. I have seen an old thread discussing something similar but there is no response or workaround for this issue. - https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/outdated-browser-and-operating-system-user-agent-tags/m-p/906620 I don't want to change the policy to only look for certain browser versions. I'd like the policy to work as advertised and only detect interactive logins via outdated browsers. It looks as though the wrong User Agent tags are being read, as I know the users are not running the browser versions displayed. How can I get around
