User Profile
Keith_Fleming
MicrosoftJoined 7 years ago
User Widgets
Recent Discussions
Re: Only browser activities can be found in Activity Log for Conditional Access App control App
etimer today session control will only cover browser not native clients. One way to address this is to block access to native clients on unmanaged devices and force those clients to go through session control.Re: Defender for Cloud Apps policy targeting in CA
stromnessian it's not necessarily possible to define a policy today based on the CA policy that applied the session but you could also consider using a user group. So have a specific user group for the CA policy, then define the same user group for a specific session policy that you would like to apply. Would this cover the scenario in your case?Re: Create a Policy Alert for any Upload Seen to Gmail
Brok3NSpear this is actually the expected behavior. When you look at discovery policies, these are regarding data coming from endpoints or appliances. Activities are based on the data coming from app connectors. In this case it sounds like what you would like to see is a way to get the audit activities from apps that aren't connected or that are just being accessed via the browser?Re: Roadmap is looking bleak
Hi Dan_B1135, For the most recent information I would recommend joining the CCP community so we can communicate the latest items and status under NDA. This also gives you access to the latest previews as well. https://aka.ms/M365DefenderCCPSignUp There are some really interesting items coming soon and we would love to share those with you.Re: Activity policies require conditional access
Hi siastolf, activities policies should trigger anytime the conditions are met, it does not require proxy. Some activities may only be relevant for proxy so it can be helpful to double check the filters that were configured. You can also do something similar with advanced hunting and custom detections on the CloudAppEvents table.Re: File Shared with unauthorized domain
mohammadalkhateeb if these are 1st party applications (SPO/OD) I would recommend using SPO admin center to configure sharing settings only for the domains you want to allow. This will allow you to block upfront in the application itself. One thing to be aware of with Defender for Cloud Apps, if you are using collaborators from domain it will apply to files shared via direct access. This will not include files shared via a link, so you could see some unexpected matching behavior.Re: Comparison between Defender for Cloud Apps AWS Connector VS Defender for Cloud AWS connector?
Charles1575 Defender for Cloud will provide visibility into the overall posture of AWS. This helps you understand what configs should be deployed to better protect your instance. The connector in Defender for Cloud Apps provides visibility from the threat protection side, so events that happen in the organization account itself (audit events). Connecting both will provide the best overall protection.
