This article is Step 2 of 2 in the process of setting up the evaluation environment for Microsoft Defender for Cloud Apps. For more information about this process, see the overview article.
This article walks you through the process of accessing the Defender for Cloud Apps portal and configuring the necessary integration to collect cloud app traffic data.
To discover cloud apps used in your environment, you can do one or both of the following:
- Get up and running quickly with Cloud Discovery by integrating with Microsoft Defender for Endpoint. This native integration enables you to immediately start collecting data on cloud traffic across your Windows 10 and Windows 11 devices, on and off your network.
- To discover all cloud apps accessed by all devices connected to your network, deploy the Defender for Cloud Apps log collector on your firewalls and other proxies. This collects data from your endpoints and sends it to Defender for Cloud Apps for analysis. Defender for Cloud Apps natively integrates with some third-party proxies for even more capabilities.
This article includes guidance for both methods.
Use the following steps to set up Microsoft Defender for Cloud Apps.
- Step 1. Connect to the Defender for Cloud Apps portal
- Step 2. Integrate with Microsoft Defender for Endpoint
- Step 3. Deploy the Defender for Cloud Apps log collector on your firewalls and other proxies
- Step 4. View the Cloud Discovery dashboard to see what apps are being used in your organization
Step 1. Connect to the Defender for Cloud Apps portal
To verify licensing and to connect to the Defender for Cloud Apps portal, see Quickstart: Get started with Microsoft Defender for Cloud Apps.
If you’re not immediately able to connect to the portal, you might need to add the IP address to the allow list of your firewall. See Basic setup for Defender for Cloud Apps.
If you’re still having trouble, review Network requirements.
Step 2. Integrate with Microsoft Defender for Endpoint
Microsoft Defender for Cloud Apps integrates with Microsoft Defender for Endpoint natively. The integration simplifies roll out of Cloud Discovery, extends Cloud Discovery capabilities beyond your corporate network, and enables device-based investigation. This integration reveals cloud apps and services being accessed from IT-managed Windows 10 and Windows 11 devices.
If you’ve already set up Microsoft Defender for Endpoint, configuring integration with Defender for Cloud Apps is a toggle in Microsoft 365 Defender. After integration is turned on, you can return to the Defender for Cloud Apps portal and view rich data in the Cloud Discovery Dashboard.
To accomplish these tasks, see Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud Apps.
Step 3. Deploy the Defender for Cloud Apps log collector on your firewalls and other proxies
For coverage on all devices connected to your network, deploy the Defender for Cloud Apps log collector on your firewalls and other proxies to collect data from your endpoints and send it to Defender for Cloud Apps for analysis.
If you’re using one of the following Secure Web Gateways (SWG), Defender for Cloud Apps provides seamless deployment and integration:
- Zscaler
- iboss
- Corrata
- Menlo Security
For more information on integrating with these network devices, see Set up Cloud Discovery.
Step 4. View the Cloud Discovery dashboard to see what apps are being used in your organization
The Cloud Discovery dashboard is designed to give you more insight into how cloud apps are being used in your organization. It provides an at-a-glance overview of what kinds of apps are being used, your open alerts, and the risk levels of apps in your organization.
To get started using the Cloud Discovery dashboard, see Working with discovered apps.