With Microsoft app governance, you can:
- Easily monitor the threat alerts that are being generated by built-in app governance detection methods for malicious app activities and policy-based alerts generated by active app policies that you create. These alerts can indicate anomalies in app activity and when non-compliant, malicious, or risky apps are used. You can also use patterns in alerts to create new app policies or modify the settings of existing policies for more restrictive actions.
- Easily remediate alerts either manually after investigation or automatically through the action settings on active app policies.
Anomalous activities from Azure-only apps that are not granted permissions to access Microsoft 365 resources are not included in app governance detection and alerting.
See the administrator roles for which roles can access app governance pages.
App governance integration with Azure Active Directory and Defender for Cloud Apps
App governance, Azure Active Directory (Azure AD), and Defender for Cloud Apps collect and provide different data sets:
- App governance provides detailed information about an app’s activity at the API level.
- Azure AD provides foundational app metadata and detailed information on sign-ins to apps.
- Defender for Cloud Apps provides app risk information.
By sharing information across app governance, Azure AD, and Defender for Cloud Apps, you can display aggregate information in one portal and easily link to another portal for more information. Here are some examples:
- App sign-in information in app governance:
From the app governance portal, you can see the aggregated sign-in activity for each app and link back to the Azure Active Directory admin center for the details of sign-in events.
- API usage information in the Defender for Cloud Apps portal:
From the Defender for Cloud Apps portal, you can see API usage level and aggregate data transfer and link to the app governance portal for the details.
Here’s a summary of the integration.
Additionally, app governance sends its alerts as signals to Defender for Cloud Apps and Microsoft 365 Defender for more detailed analysis of app-based security incidents.