Defender for Cloud Apps - Lock Down Your Cloud Apps & Protect Data

Jonathan Edwards
30 Aug 2024 20:49

Summary

TLDR: In this video, Jonathan Edwards, known as the '365 Guy,' discusses Microsoft Defender for Cloud Apps, a tool that helps businesses monitor and block certain cloud applications. He explains how it integrates with Microsoft 365, detailing features like Cloud App Discovery, which uncovers cloud apps in use, and the ability to sanction or block apps for security purposes. Edwards also highlights licensing options and the added benefits of security monitoring and automated responses to potential threats, providing a comprehensive guide on using this tool to safeguard business data.

Takeaways

  • 🛡️ Microsoft Defender for Cloud Apps helps businesses block and manage cloud applications they don't want employees using.
  • 💼 It's part of the Microsoft Defender for Business suite and can also monitor apps for security issues and automate responses.
  • 💸 The full version of Defender for Cloud Apps requires a Microsoft 365 E5 license, which costs about £50.30 per user per month, but there are alternatives like the Enterprise Mobility and Security E5 license.
  • 🔍 One key feature, Cloud App Discovery, identifies all cloud applications being used in a business, even if the owner is unaware.
  • 📈 The full version offers continuous, automated reports by integrating with Microsoft Defender for Endpoint, whereas the Business Premium version only provides point-in-time reports.
  • 📊 The Cloud App Catalog evaluates over 30,000 cloud applications, scoring them based on 90 different factors like security and compliance.
  • ✅ Businesses can sanction, unsanction, or monitor applications. Monitored apps will trigger a warning, but employees can still use them if necessary.
  • 🚫 Unsanctioned apps will be blocked completely from usage within the organization using Microsoft Defender for Endpoint.
  • 🔔 Defender for Cloud Apps includes security monitoring and can detect suspicious activities like account compromises or data sharing with personal emails, sending alerts to IT and taking immediate action.
  • 📜 Policies can be customized to fit business needs, such as blocking suspicious forwarding or restricting data shared with personal email addresses.

Q & A

  • What is the main topic of the video?

    - The video focuses on Microsoft Defender for Cloud Apps, a tool that helps businesses monitor and control the use of cloud applications, block unwanted apps, and enhance security.

  • What is Cloud App Discovery and what does it do?

    - Cloud App Discovery is a feature of Defender for Cloud Apps that identifies and monitors the cloud applications used in an organization. It helps business owners see which apps are being accessed and offers insights on their usage.

  • What are the two ways to use Cloud App Discovery?

    - The first method, available with Microsoft 365 Business Premium, involves uploading log files from local firewalls. The second, available with the full Defender for Cloud Apps, integrates directly with Microsoft Defender for Endpoint, providing continuous and automated reporting.

  • What licensing options are available to access the full version of Defender for Cloud Apps?

    - To access the full version, businesses need either the Microsoft 365 E5 license or the Enterprise Mobility and Security (EMS) E5 license. The E5 licenses provide more comprehensive features compared to the limited version in Microsoft 365 Business Premium.

  • How does the Cloud App Catalog help businesses manage cloud applications?

    - The Cloud App Catalog evaluates over 33,000 cloud apps based on 90 factors, allowing businesses to sanction, unsanction, or monitor applications based on their security and compliance features. This helps companies control app usage effectively.

  • What happens when an app is unsanctioned in Defender for Cloud Apps?

    - When an app is unsanctioned, users are blocked from accessing it. If the business uses Microsoft Defender for Endpoint, the system can automatically prevent access to unsanctioned apps across all connected devices.

  • Can users bypass a blocked application, and how does the system handle this?

    - Yes, if an app is set to 'monitored,' users can bypass the block for a certain period (e.g., 1 hour). However, for unsanctioned apps, the system fully blocks access without an option to bypass.

  • How does Defender for Cloud Apps enhance security by monitoring user behavior?

    - Defender for Cloud Apps can detect security risks, like suspicious user behavior (e.g., impossible travel or data sharing with personal email addresses), and automatically take action, such as suspending the user or sending alerts to IT.

  • What is the 'impossible travel' policy in Defender for Cloud Apps?

    - The 'impossible travel' policy detects when a user logs in from two geographically distant locations in a short time, which could indicate a security breach. The system can alert IT or suspend the user’s account if necessary.

  • Can Defender for Cloud Apps prevent data from being shared with personal email addresses?

    - Yes, businesses can set policies that restrict or monitor data being shared with personal email addresses. For instance, a policy could automatically apply sensitivity labels to files, preventing external access to sensitive data.
