Announcement: Microsoft Cloud Apps Security (MCAS) has been renamed to Microsoft Defender for Cloud Apps (MDCA), joining the "Microsoft Defender" family of products. For more information about the change, please see this announcement.
In addition, here is our new short link for this blog post: Short Link: http://aka.ms/MDCANinjaTraining.
If you've already completed the training, you can focus on the latest updates (June 2022 update).
Have you been wanting to secure your cloud resources? Do you have agreements with non-Microsoft cloud applications? Do you want to share your cloud security knowledge and experience with others? Wait no longer, the Microsoft Defender for Cloud Apps Ninja training is here!
Microsoft Defender for Cloud Apps has hundreds of amazing videos available and it can sometimes be overwhelming with determining where to start and how to progress through different levels. We've gone through all these and created this repository of training materials - all in one central location! Please let us know what you think in the comments.
The overall structure of the training sessions are split into three main knowledge levels:
Level |
Description |
Level 1: Fundamentals - Beginner level |
Introduction to Microsoft Defender for Cloud Apps, licensing, portal navigation, policy basics, and overall definitions. |
Level 2: Intermediate - Associate level |
Capability demos, automatic governance, overall deployment, and connecting 3rd party apps. |
Level 3: Advanced - Expert level |
Power automate, 3rd party IdP integration, and advanced use case scenarios. |
After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
We plan to update this training on a quarterly basis to ensure that you all have the latest and the greatest training materials. Please do check back often for new training content. You can find the newly added training content are listed on the Latest Update Page. They are also listed here tagged with "[New!]" at the end of the training title. For those of you who have already gone through the training before, it's faster to go to the Latest Update Page and view those [New!] training contents directly.
-
Microsoft 365 Defender (previously Microsoft Threat Protection)
-
Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
-
Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
-
Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
- Microsoft Defender for Cloud Apps (previously Microsoft Cloud Apps Security)
Please let us know what you think about this training!
Acronyms
Acronyms |
Full Name |
MDCA |
Microsoft Defender for Cloud Apps |
RBAC |
Role-based access control |
MDATP |
Microsoft Defender Advanced Threat Protection |
AATP |
Azure Advanced Threat Protection |
ATP |
Advanced Threat Protection |
AIP |
Azure Information Protection |
ASC |
Azure Security Center |
AAD |
Azure Active Directory |
CASB |
Cloud Access Security Broker |
MTP |
Microsoft Threat Protection |
GCC |
Government Community Cloud |
GCC-H |
Government Community Cloud High |
MDI |
Microsoft Defender for Identity |
MDO |
Microsoft Defender for Office 365 |
MDE |
Microsoft Defender for Endpoint |
SSPM |
SaaS Security Posture Management |
XDR |
Extended Detection and Response |
M365D |
Microsoft 365 Defender |
Table of Contents
Microsoft Defender for Cloud Apps - Fundamentals
Module 1. Fundamental level Overview
Module 2. Microsoft Defender for Cloud Apps Introduction
Module 3. Initial Settings
Module 4. Cloud Discovery
Module 5. Information Protection and Real-Time Controls
Module 6. Threat Detection
Fundamentals Knowledge Check
Microsoft Defender for Cloud Apps - Intermediate
Module 1. Intermediate Level Overview
Module 2. Cloud Discovery
Module 3. Information Protection and Real-Time Control
Module 4. Threat Detection
Intermediate Knowledge Check
Microsoft Defender for Cloud Apps - Advanced
Module 1. Advanced Level Overview
Module 2. Power Automate
Module 3. 3rd Party IdP configuration
Module 4. Conditional Access App Control steps for non-Microsoft SAAS applications
Module 5. SIEM Integration
Module 6. Advanced Scenarios and Guidance
Module 7, Additional Blogs and Information
Advanced Level Knowledge Check
Legend
Docs on Microsoft | Blogs on Microsoft |
Product videos | Webcast recordings |
Tech Community | Interactive guides |
⤴ External Sites |
GitHub |
Microsoft Defender for Cloud Apps - Fundamentals [Beginner Level]
Module 1. Fundamental Level Overview
Training Title | Description |
Introduction to Microsoft Defender for Cloud Apps Beginner Level Training | This video provides a summary of what contents will be covered in the Fundamentals (Beginner level) training |
Microsoft Defender for Cloud Apps Tech Community | This is a Microsoft Defender for Cloud Apps Community space that allows users to connect and discuss the latest news, upgrades, and best practices with Microsoft professionals and peers. |
Top 20 Use Cases for CASBs | This document provides use cases that can be leveraged during proof of concept (POC), or as prep step for deploying CASB solution (looking for ways to prioritize deployment components). |
What is a CASB and Why do I need one? | This blog provides an overview of CASBs and why they are important for securing your cloud resources. |
Module 2. Microsoft Defender for Cloud Apps Introduction
Training Title | Description |
Microsoft Defender for Cloud Apps Introduction | This is an introductory video presentation of Microsoft's Cloud Access Security Broker (CASB): Microsoft Defender for Cloud Apps |
Microsoft Defender for Cloud Apps Best Practices | This article outlines the best practice for protecting your organization using Microsoft Defender for Cloud Apps. The Best Practice comes from our overall experience working with Cloud Security and from our customers, like you. |
Microsoft Defender for Cloud Apps User Interface Updates | This blog provides an update on the Microsoft Defender for Cloud Apps UI changes. |
Microsoft Defender for Cloud Apps Licensing | This video provides an overview of Microsoft Defender for Cloud Apps licensing information |
Microsoft Defender for Cloud Apps Licensing Datasheet | This document is the Microsoft Defender for Cloud Apps licensing datasheet mentioned in the MCAS Licensing video. |
Difference between Microsoft Defender for Cloud Apps and OCAS | This document outlines the differences between Microsoft Defender for Cloud Apps and OCAS |
Difference between Microsoft Defender for Cloud Apps and AAD Discovery | This document outlines the differences in discovery capabilities between Microsoft Defender for Cloud Apps and AAD |
TCO/ROI of Microsoft Defender for Cloud Apps (Forrester Study) | This video goes over the result of a Forrester Study from May 2020 with the Total Cost of Ownership and Return on Investment of Microsoft Defender for Cloud Apps. |
⤴ The Total Economic Impact of Microsoft Defender for Cloud Apps |
This site provides an overview of the study, |
This setup guide steps through how to set up Microsoft Defender for Cloud Apps in your environment. (Only accessible by licensed partners of Microsoft Defender for Cloud Apps). |
|
This short video provides a brief overview of the "App Governance" feature within the Microsoft Defender for Cloud Apps. |
|
This document outlines the security features Microsoft Defender for Cloud Apps with app governance provides for with Microsoft 365 OAuth apps. |
|
This document includes a video that steps through the functionalities and usages of app governance feature within the Microsoft Defender for Cloud Apps. |
Module 3. Initial Settings
Training Title | Description |
Connect Apps to get visibility and protection | This article outlines the steps on connecting the applications to Microsoft Defender for Cloud Apps to enable greater visibility and control over the application. |
This video walks through how to connect applications to Microsoft Defender for Cloud Apps. | |
Connect your favorite Apps to Microsoft Defender for Cloud Apps |
This blog provides a brief video overview on how to connect GitHub, Salesforce, Box, and Slack, to Microsoft Defender for Cloud Apps. These 4 videos are also listed below. |
In this article, we walk through how to connect Smartsheet to Microsoft Defender for Cloud Apps. | |
In this article, we walk through how to connect Zendesk to Microsoft Defender for Cloud Apps. | |
In this article, we walk through how to connect NetDocuments to Microsoft Defender for Cloud Apps. | |
In this video, we walk through how to connect GitHub to Microsoft Defender for Cloud Apps. | |
In this video, we walk through how to connect Salesforce to Microsoft Defender for Cloud Apps. | |
In this video, we walk through connecting Box to Microsoft Defender for Cloud Apps. | |
In this video, we walk through connecting Slack to Microsoft Defender for Cloud Apps. | |
This video shows how to add your organization's IP address ranges to remove complexities from policy creation, investigation, and improve the accuracy of your alerts. | |
This article outlines the steps on how to configure IP addresses and use IP ranges and tags. | |
This video shows how to import user groups into Microsoft Defender for Cloud Apps to help create relevant policies. | |
This article outlines the steps on how to import user groups from connected apps | |
In this video, we show you how to configure admin roles and set up role-based access controls. | |
This article describes how to manage admin access in Microsoft Defender for Cloud Apps. | |
In this video, we walk through the steps on adding Managed Security Service Provider (MSSP) access to Microsoft Defender for Cloud Apps. | |
This document walks you through how to sign up for Microsoft Defender for Cloud Apps app governance. | |
This document outlines the visibility and meaningful insights Microsoft Defender for Cloud Apps app governance enables for your Microsoft 365 application ecosystem. | |
Get started with Microsoft 365 OAuth app threat detection and remediation |
This document provides information on what information and app governance dashboard provides. |
Module 4. Cloud Discovery
Training Title | Description |
Introduction to Microsoft Defender for Cloud Apps Cloud Discovery | This blog details how to get started in Cloud Discovery in Microsoft Defender for Cloud Apps. |
Dashboard Basics | This article gives a basic overview of how to navigate and use the dashboard. |
Discovered Apps | This article provides guidance on working with the discovered apps and dives deeper into the information provided by the dashboard. |
App Risk Scoring | This video provides an overview of how Microsoft Defender for Cloud Apps evaluates the risk over discovered SaaS apps in your environment. |
Using the Cloud App Discovery Feature | This video provides an overview of Microsoft Defender for Cloud Apps' cloud apps discovery feature. |
Module 5. Information Protection and Real-Time Controls
Training Title | Description |
Connect Office 365 | This video demonstrates how to connect Office 365 to Microsoft Defender for Cloud Apps and enable our powerful capabilities across DLP, Threat Protection, and more. |
What is Conditional Access App Control? | In this video, we explore what Conditional Access App Control is, how to deploy and configure it, and testing a scenario (Microsoft Teams). |
Governance actions for non-O365 and Azure apps | This video provides an overview of some of the governance actions that can be taken with Microsoft Defender for Cloud Apps. |
Configure AAD with Microsoft Defender for Cloud Apps Conditional Access App for Session Controls (Downloads) | In this video, we walk through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD conditional Access to provide inline controls for your downloads. |
Block Sensitive Information Downloads | This article walks you through a tutorial on how to create a session policy to block the download of sensitive information. |
Configure AAD with Microsoft Defender for Cloud Apps Conditional Access App for Session Controls (Uploads) | In this video, we walk through how to configure real-time monitoring and control across your cloud apps leveraging our powerful, native integration with Azure AD conditional Access to provide inline controls for your uploads. |
Understand Unified Labeling Migration | This blog explains what "Unified labeling" is and how to use it in migration scenario. |
Module 6. Threat Detection
Training Title | Description |
Threat Detection Overview | In this video, we walk through Microsoft Defender for Cloud Apps' detection capabilities that allow you to identify advanced attackers and insider threats. |
User and Entity Behavior Analytics | This video provides a brief overview of User & Entity Analytics (UEBA) in Microsoft Defender for Cloud Apps. |
Discover and Manage Risky OAuth applications | In this video, we explore how Microsoft Defender for Cloud Apps can help you identify when users authorized OAuth apps, detect risky apps, and evoke access to risky apps. |
How to investigate anomaly detection alerts | This article provides general information on alerts that are detected by Microsoft Defender for Cloud Apps, and practical guidance on what needs to be done for alert investigation and remediation. |
Manage OAuth apps - Working with the OAuth app page | This article provides instructions on using Microsoft Defender for Cloud Apps to manage OAuth applications. |
Knowledge Check - Microsoft Defender for Cloud Apps Fundamentals
Microsoft Defender for Cloud Apps - Intermediate [Associate Level]
Module 1. Intermediate Level Overview
Training Title | Description |
Introduction to Microsoft Defender for Cloud Apps Intermediate Level Training | This video provides a summary of what contents will be covered in the Intermediate (Associate level) training |
Microsoft Defender for Cloud Apps: Overview | This is an overview video that discusses the different pillars and configuration steps for Microsoft Defender for Cloud Apps with demo. |
Secure Access for applications with Microsoft Defender for Cloud Apps | This article walks through how to secure access for applications with Microsoft Defender for Cloud Apps. |
Module 2. Cloud Discovery
Training Title | Description |
Cloud Discovery Interactive Guide | This interactive guide walks through discovering, protecting, and controlling your apps. |
Cloud Discovery Policies | This article goes over on what are the cloud discovery policies within your Microsoft Defender for Cloud Apps environment. |
How to exclude entities from discovery data | This article provides you with instructions on excluding certain entities' data from being part of the Cloud Discovery data for reporting. |
Microsoft Defender for Cloud Apps and MDE integration | This article walks through the process of integrating MDE (formerly MDATP) and Microsoft Defender for Cloud Apps and how simple the integration is - without requiring an extra agent or proxy. |
How to design and deploy a Log Collector for Microsoft Defender for Cloud Apps | This video details the Microsoft Defender for Cloud Apps cloud discovery pillar and how to deploy a log collector. |
Integrate with Zscaler | If you work with both Microsoft Defender for Cloud Apps and Zscaler, you can integrate the two products to enhance your security Cloud Discovery experience. |
Integrate with iboss | If you work with both Microsoft Defender for Cloud Apps and iboss, you can integrate the two products to enhance your security Cloud Discovery experience. |
Integrate with Corrata | If you work with both Microsoft Defender for Cloud Apps and Corrata, you can integrate the two products to enhance your security Cloud Discovery experience. |
Integrate with Menlo | If you work with both Microsoft Defender for Cloud Apps and Menlo, you can integrate the two products to enhance your security Cloud Discovery experience. |
Module 3. Information Protection and Real-Time Controls
Training Title | Description |
Document fingerprinting in Microsoft 365 Compliance | In this video, we walk through how to set up policies to detect document fingerprinting using Microsoft 365. |
Set up Document Fingerprinting in Microsoft Defender for Cloud Apps | In this video, we walk through how to configure a file policy to detect document fingerprinting in your file repositories using Microsoft Defender for Cloud Apps. |
Protect and Control Information with Microsoft Defender for Cloud Apps | In this interactive guide, we walk through common scenarios where you can control your information with Microsoft Defender for Cloud Apps. |
Secure and Connect GitHub | This blog walks through how to secure and connect your GitHub instance in Microsoft Defender for Cloud Apps. |
Protecting GitHub | This video walks through how to protect your GitHub instance using Microsoft Defender for Cloud Apps. |
How to Protect Your GitHub Environment Using Microsoft Defender for Cloud Apps - Webinar |
This webinar walks through on how to use Microsoft Defender for Cloud Apps to protect your GitHub environment. NOTE: This webinar was hosted before the product name change, hence the title of the webinar still refers to previous product name "Microsoft Cloud App Security" or "MCAS". |
Secure and Connect Box | This blog walks through how to secure and connect your Box instance in Microsoft Defender for Cloud Apps. |
Protecting Box | This video walks through how to protect your data in Box using Microsoft Defender for Cloud Apps. |
Protect Your Box Deployment Using Microsoft Defender for Cloud Apps - Webinar |
This webinar walks through how to use Microsoft Defender for Cloud Apps to help you secure your infrastructure and data. with simple configuration steps tailored specifically for Box. NOTE: This webinar was hosted before the product name change, hence the title of the webinar still refers to previous product name "Microsoft Cloud App Security" or "MCAS". |
Protect Your Slack Deployment Using Microsoft Defender for Cloud Apps - Webinar |
This webinar walks through how to use Microsoft Defender for cloud Apps to protect your Slack deployment NOTE: This webinar was hosted before the product name change, hence the title of the webinar still refers to previous product name "Microsoft Cloud App Security" or "MCAS". |
Protect your Slack environment using Microsoft Defender for Cloud Apps | This blog walks through how to protect your Slack environment using Microsoft Defender for Cloud Apps. |
How Microsoft Defender for Cloud Apps helps protect your Slack Enterprise | This article goes over the capabilities in Microsoft Defender for Cloud Apps that can protect the Slack Enterprise environment. |
Protect Your Salesforce Environment Using Microsoft Defender for Cloud Apps - Webinar |
This webinar walks through how to use Microsoft Defender for Cloud Apps to protect your Salesforce environment. NOTE: This webinar was hosted before the product name change, hence the title of the webinar still refers to previous product name "Microsoft Cloud App Security" or "MCAS". |
Protect Your Smartsheet Deployment Using Microsoft Defender for Cloud Apps | This article provides the best practices on how to use the Smartsheet connector in Microsoft Defender for Cloud Apps to protect Smartsheet deployment. |
Protect your AWS environment using Microsoft Defender for Cloud Apps | This blog walks through how to secure and connect your AWS instance in Microsoft Defender for Cloud Apps. |
Connect AWS for security auditing in Microsoft Defender for Cloud Apps | This video walks through how to connect to AWS for security auditing in Microsoft Defender for Cloud Apps. |
Connect AWS for security configuration in Microsoft Defender for Cloud Apps | This video walks through how to connect to AWS for security configuration in Microsoft Defender for Cloud Apps. |
Connect AWS for laaS protection in Microsoft Defender for Cloud Apps | This video walks through how to connect to AWS for laaS protection in Microsoft Defender for Cloud Apps. |
Improve Your AWS Security posture Using Microsoft Defender for Cloud Apps - Webinar |
This Webinar walks through how to detect threats and identify security risks in your AWS environment using Microsoft Defender for Cloud Apps. NOTE: This webinar was hosted before the product name change, hence the title of the webinar still refers to previous product name "Microsoft Cloud App Security" or "MCAS". |
How Microsoft Defender for Cloud Apps helps protect your oneLogin | This article provides information on how Microsoft Defender for Cloud Apps protects the One Login environment. |
How Microsoft Defender for Cloud Apps helps protect your Zendesk | This article provides information on how Microsoft Defender for Cloud Apps protects the Zendesk environment. |
Connect ServiceNow to Microsoft Defender for Cloud Apps | This article steps through how to connect Microsoft Defender for Cloud Apps to your existing ServiceNow account using the application's API. |
How Defender for Cloud Apps helps protect your ServiceNow environment | This article walks through how to use Microsoft Defender for Cloud Apps to protect your ServiceNow environment. |
Protecting Storage Apps and Malware Detection | This video shows you how Microsoft Defender for Cloud Apps can help you protect your cloud storage apps and ensure that they are not infected with malware. |
Malware detection in Microsoft Defender for Cloud Apps | This article explains how malware detection work in Microsoft Defender for Cloud Apps. |
Configuring a read-only mode for external users | This video walks you through one of the many use-cases focused on external users using Conditional Access App Control - our reverse proxy solution. |
Block unauthorized browsers from accessing corporate web apps | This video detailing the policy configuration required to block unauthorized browsers from accessing corporate web applications. |
Using Admin Quarantine to investigate files | This article is a tutorial that walks through how to use admin quarantine to protect your files. |
Automatically apply labels to your sensitive files | This article is a tutorial that walks through applying labels to a sensitive file. |
Information Protection Policies | This article walks you through how to create information protection policies in Microsoft Defender for Cloud Apps. |
Microsoft Defender for Cloud Apps or MIP? | This blog walks you through some of the top use cases and questions asked regarding when to use Microsoft Defender for Cloud Apps vs when to use MIP. |
AWS with AAD and Microsoft Defender for Cloud Apps | In this video, we walk through the architecture used to configure AWS with AAD and use Microsoft Defender for Cloud Apps to apply additional protections. |
Microsoft Defender for Cloud Apps: How to protect AWS admins and Developers | This blog shows you how to use Microsoft Defender for Cloud Apps to protect AWS Admins and Developers. |
Azure Information Protection integration - How to integrate Azure information Protection with Microsoft Defender for Cloud Apps | This article steps through how to integrate Azure information Protection with Microsoft Defender for Cloud Apps. |
Recommended Microsoft Defender for Cloud Apps policies for SaaS apps - Microsoft 365 Enterprise - Office 365 | This article provides the recommended Microsoft Defender for Cloud Apps policies to use for SaaS applications. |
Microsoft Defender for Cloud Apps Data Protection Blog Series: Microsoft Defender for Cloud Apps DLP Walk-through | This blog walks through how to configure DLP policies using Microsoft Defender for Cloud Apps. |
MDCA: Top 5 Queries you need to save | This blog shares our top five custom queries to save for the five use cases. |
Governance action for Microsoft 365 OAuth apps using app governance - View apps | This document provides information on how to get a list of all of the Microsoft 365 OAuth apps in your tenant. |
Create app policies for Microsoft 365 OAuth apps using app governance | This document outlines how to create app policies for your Microsoft 365 OAuth apps. |
Get started with visibility and insights within app governance | This document provides visibility and insights Defender for Cloud Apps app governance provides and how to view app insights. |
Module 4. Threat Detection
Training Title |
Description |
This article shows you how to create threat protection policies within your Microsoft Defender for Cloud Apps environment. |
|
How Microsoft Defender for identity integrates with Microsoft Defender for Cloud Apps |
This article is designed to help you understand and navigate the enhanced investigation experience in Microsoft Defender for Cloud Apps and MDL |
This video provides an overview of MDI capability | |
Microsoft Defender for Identity Ninja Training | This blog provides information on where you learn more about Microsoft Defender for Identity |
This interactive guide shows you the steps on how to manage threats in Microsoft Defender for Cloud Apps. | |
Microsoft 365 Defender - Hunting with Microsoft Defender for Cloud Apps data |
This video steps you through how to use the advanced hunting capability to investigate incidence using Microsoft Defender for Cloud Apps. |
Investigate anomaly detection alerts for Microsoft 365 OAuth apps using app governance |
This document provides you with general and practical information on each alert within Defender for Cloud Apps app governance, and guidance to help you investigate and remediate anomalous activities and requests. |
Knowledge Check - Microsoft Defender for Cloud Apps Intermediate
Microsoft Defender for Cloud Apps - Advanced [Expert Level]
Module 1. Advanced Level Overview
Training Title | Description |
Introduction to Microsoft Defender for Cloud Apps Advanced Level Training | This video provides a summary of what contents will be covered in the Advanced (Expert level) training. |
Power Automate Blog Series:
Auto-Triage Infrequent Country Alerts using Microsoft Defender for Cloud Apps & Power Automate |
This blog is part of the Power Automate Blog Series. This blog walks through how to auto-triage country alerts using Microsoft Defender for Cloud Apps and Power Automate. |
Triage Infrequent County Alerts using Power Automate and Microsoft Defender for Cloud Apps | This video walks through creating a new Power Automate Flow to automate the triage of infrequent Country alerts in Microsoft Defender for Cloud Apps (Threat Protection Pillar). |
Request user validation to reduce your SOC workloads | This video walks through how to use Power Automate Flow to request user validation for file sharing (Data Protection Pillar). |
Request for Manager Action using Power Automate & Microsoft Defender for Cloud Apps | In this video, we walk through how to use Power Automate Flow to request manager validation for their team. |
Request for Manager Action: Step-by-step guidance | This blog outlines the steps and guidance on using Power Automate Flow to request manager validation for their team. |
Auto-disable malicious inbox rules using Microsoft Defender for Cloud Apps & Power Automate | This video walks you through a new Power Automate Flow on how to remove malicious inbox rules detected in your cloud environment. |
Module 2. Non-Microsoft Party IdP configuration
Training Title | Description |
Integrating PingOne with Microsoft Defender for Cloud Apps for Conditional Access App Control | This article walks you through integrating PingOne with Microsoft Defender for Cloud Apps for Conditional Access App Control using Salesforce as an example. |
Integrating ADFS with Microsoft Defender for Cloud Apps for Conditional Access App Control | This article walks you through integrating ADFS with Microsoft Defender for Cloud Apps for Conditional Access App Control using Salesforce as an example. |
Integrating Okta with Microsoft Defender for Cloud Apps for Conditional Access App Control | This article walks you through integrating Okta with Microsoft Defender for Cloud Apps for Conditional Access App Control using Salesforce as an example. |
Module 3. Conditional Access App Control Steps for non-Microsoft SAAS applications
Training Title | Description |
Workplace for Facebook: Block/Apply DLP downloaded files in Workplace from Facebook with Microsoft Defender for Cloud Apps (CASB) | This video steps through how to use Conditional Access App Control in Microsoft Defender for Cloud Apps for Workplace for Facebook. |
How to use Conditional Access App Control in Microsoft Defender for Cloud Apps for Box. | This video steps through how to use Conditional Access App Control in Microsoft Defender for Cloud Apps for Box. |
Microsoft Defender for Cloud Apps Data Protection Blog Series: Box Real-Time Protections | This blog provides additional guidance on real-time protection for Box. |
Slack: Block chats with sensitive data using Microsoft Defender for Cloud Apps | This video steps through how to block chats with sensitive data using Conditional Access APP Control in Microsoft Defender for Cloud Apps. |
Module 4. SIEM integration
Training Title | Description |
Connect Azure Sentinel | This video details how to connect Azure Sentinel (Microsoft's SIEM + SOAR product) to Microsoft Defender for Cloud Apps. |
Azure Sentinel Entities Enrichment (Users) | This video looks at how you can use the provided playbooks to enrich your impacted user profiles, and then consume it in Sentinel, ServiceNow, or Postman. |
Microsoft Defender for Cloud Apps Infrequent Country triage with Microsoft Sentinel and Logic Apps | This video walks you through the deployment of a playbook to use to triage your Microsoft Sentinel incidents. |
Connect a 3rd Party SIEM | This video details how to connect to third-party SIEM to Microsoft Defender for Cloud Apps. |
Module 5. Advanced Scenarios and Guidance
Training Title | Description |
MDA Operational Guide | The Operational Guide to help SOC and security teams with planning and performing security activities. Particularly useful for new MDA users. |
Indicators of Compromise | This video walks you through how to create custom Indicators of Compromise in Microsoft Defender for Cloud Apps. |
Microsoft Defender for Cloud Apps and Microsoft Threat Protection | This video guides you on how Microsoft is unifying our threat products. |
Block Apps/Sites on iOS (Defender for Endpoint + Microsoft Defender for Cloud Apps) | This video walks through blocking apps and sites on iOS, suing Defender for iOS, and using custom indicators of compromise from Microsoft Defender for Cloud Apps and Defender for Endpoint integration. |
Microsoft Defender for Cloud Apps API Documentation | This article describes how to interact with Microsoft Defender for Cloud Apps over HTTPS. |
Configuring a Log Collector behind a Proxy | This article provides more information on configurations to ensure your log collector works when behind a proxy. |
Automate Microsoft Defender for Cloud Apps Alerts with Power Automate | This interactive guide walks through the steps needed to automate alert management using Power Automate |
Microsoft Defender for Cloud Apps: The Hunt in a multi-stage incident | This blog explains how to use Microsoft 365 Defender to address common alerts from Microsoft Defender for Cloud Apps to determine the threats' scope and impact. |
Microsoft Defender for Cloud Apps: The Hunt for Insider Risk | This blog outlines the use cases for using Microsoft 365 Defender to determine the "Insider Risk" alerts from Microsoft Defender for Cloud Apps. |
Proactively hunt for threats with advanced hunting in Microsoft 365 Defender | This article shows how to proactively hunt for threats using the Advance Hunting Tool in Microsoft 365 Defender. |
GitHub - Microsoft/Microsoft-365-Defender-Hunting-Queries: Sample queries for Advanced hunting in Microsoft 365 Defender | This blog provides a list of sample queries for Advance Hunting using Microsoft 365 Defender. |
Module 6. Additional Blogs and Information
Training Title | Description |
Securing Administrative Access to Microsoft Defender for Cloud Apps and Defender for Identities |
This blog provides guidance on how to configure Azure AD Conditional Access to secure administrative access to Microsoft Defender for Cloud Apps and Defender for Identity (Formerly Azure ATP) |
Limiting Inherited Roles from Azure Active Directory in Microsoft Defender for Cloud Apps | This blog goes over a customer scenario for Microsoft Defender for Cloud Apps and the steps that can be taken to meet their requirements on limiting inherited AAD roles' accesses in Microsoft Defender for Cloud Apps. |
Browse all - Learn | Microsoft Docs Microsoft Defender for Cloud Apps Learning Path | Check out these learning paths for Microsoft Defender for Cloud Apps |
Lifecycle management strategy | Microsoft Docs | This blog provides information on Microsoft Defender for Cloud Apps Lifecycle Management |
Bypass Blocking PDF Preview in OWA | This blogs walks through use cases on using the "Real-Time Control" in Microsoft Defender for Cloud Apps to bypass blocking PDF previews in OWA. |
Tutorial: Require step-up authentication (authentication context) upon risky actions | In this tutorial, we will show you how to protect your organization by requiring Azure AD Conditional Policies to be accessed during sensitive session actions using Microsoft Defender for Cloud Apps' Conditional Access Control. |
Knowledge Check - Microsoft Defender for Cloud Apps Advanced
Once you've finished the training and the knowledge checks, please go to our attestation portal to generate your certificate - you'll see it in your inbox within 3 to 5 business days (Click Here).
We have a great lineup of updates for the next rendition (next quarter). If you'd like anything covered, please comment below. In addition, please reach out to us if you have any content that you would like to include as well.
We hope you all enjoy this training!
Feedback
Let us know if you have any feedback or relevant use cases/requirements for this portion of Microsoft Defender for Cloud Apps by emailing, CASFeedback@microsoft.com and mention the core area of concern.
Learn More
For further information on how your organization can benefit from Microsoft Defender for Cloud Apps, connect with us at the links below:
Join the conversation on Tech Community. Stay up to date—subscribe to our blog. |
Upload a log file from your network firewall or enable logging via Microsoft Defender for Endpoint to discover Shadow IT in your network. |
Learn more—download Top use cases for SaaS Security. |
Connect your cloud apps to detect suspicious user activity and exposed sensitive data. |
Enable out-of-the-box anomaly detection policies and start detecting cloud threats in your environment. |
|
Continue with more advanced use cases across information protection, compliance, and more. |
|
Follow the Microsoft Defender for Cloud Apps Ninja blog and become a Microsoft Defender for Cloud Apps Ninja by taking the Microsoft Defender for Cloud Apps Ninja Training. Go deeper with these interactive guides: · Discover and manage cloud app usage with Microsoft Defender for Cloud Apps · Protect and control information with Microsoft Defender for Cloud Apps · Detect threats and manage alerts with Microsoft Defender for Cloud Apps · Automate alerts management with Microsoft Power Automate and Microsoft Defender for Cloud Apps |
|
To experience the benefits of full-featured CASB, sign up for a free trial—Microsoft Defender for Cloud Apps.
Follow us on LinkedIn as #CloudAppSecurity. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity on Twitter, and Microsoft