We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.
You can integrate Microsoft Defender for Cloud Apps with your other security investments to leverage and enhance an integrated ecosystem of protection. For example, you can integrate with external mobile device management solutions, UEBA solutions, and external threat intelligence feeds.
The Defender for Cloud Apps robust platform allows you to integrate with a wide variety of external security solutions, including:
- Threat Intelligence (TI) feeds (Bring You Own TI)
You can use the Defender for Cloud Apps IP address range API to add new risky IP address ranges identified by third-party TI solutions. Once defined, IP address ranges allow you to tag, categorize, and customize the way logs and alerts are displayed and investigated.
- Mobile Device Management (MDM) / Mobile Threat Defense (MTD) solutions
Defender for Cloud Apps provides real-time, granular session controls. A key factor in the assessment and protection of sessions is the device used by the user, which helps build a comprehensive identity. A device’s management status can be identified either directly through the device management status in Azure Active Directory (Azure AD), Microsoft Intune, or more generically through the analysis of client certificates that allow integration with a variety of third-party MDM and MTD solutions.
Defender for Cloud Apps can leverage signals from external MDM and MTD solutions to apply session controls based on a device’s management status.
- UEBA solutions
You can use multiple UEBA solutions to cater for different workloads and scenarios, where each UEBA solution relies on multiple data sources to identify suspicious and anomalous user behavior. External UEBA solutions can be integrated with Microsoft’s security ecosystem through Azure AD Identity Protection.
Once integrated, policies can be used to identify risky users, apply adaptive controls, and automatically remediate risky users by setting the user’s risk level to high. Once a user is set to high, the relevant policy actions are enforced, such as resetting a user’s password, requiring MFA authentication, or forcing a user to use a managed device.
Defender for Cloud Apps allows security teams to automatically or manually confirm a user as compromised, to ensure fast remediation of compromised users.
If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.