Use the following steps to set up and configure the pilot for Microsoft Defender for Cloud Apps.
- Step 1. Create the pilot group — Scope your pilot deployment to certain user groups
- Step 2. Configure protection — Conditional Access App Control
- Step 3. Try out capabilities — Walk through tutorials for protecting your environment
Step 1. Create the pilot group — Scope your pilot deployment to certain user groups
Microsoft Defender for Cloud Apps enables you to scope your deployment. Scoping allows you to select certain user groups to be monitored for apps or excluded from monitoring. To scope your pilot deployment, see Scoped Deployment.
Step 2. Configure protection — Conditional Access App Control
One of the most powerful protections you can configure is Conditional Access App Control. This requires integration with Azure Active Directory (Azure AD). It allows you to apply Conditional Access policies, including related policies (like requiring healthy devices), to cloud apps you’ve sanctioned.
The first step in using Microsoft Defender for Cloud Apps to manage SaaS apps is to discover them. If you need help with discovery, see Discover and manage SaaS apps in your network. After you’ve discovered the apps, add them to your Azure AD tenant.
You can begin to manage these apps by doing the following:
- First, in Azure AD, create a new conditional access policy and configure it to “Use Conditional Access App Control.” This redirects the request to Defender for Cloud Apps. You can create one policy and add all SaaS apps to this policy.
- Next, in Defender for Cloud Apps, create session policies. Create one policy for each control you want to apply.
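The first of these two steps can also be scripted with the Microsoft Graph PowerShell SDK. The following is an added example, not taken from the Microsoft documentation: the display name, the group and app ID placeholders, and the choice to start in report-only mode are assumptions to adapt to your tenant. Session policies are still created in Defender for Cloud Apps afterwards.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholders (assumptions): object ID of the pilot group from Step 1 and the
# application (client) IDs of the SaaS apps already added to the tenant.
$pilotGroupId = '<pilot-group-object-id>'
$saasAppIds   = @('<saas-app-id-1>', '<saas-app-id-2>')

# Stop before calling Graph if a placeholder was left in place.
$guid = '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
foreach ($id in @($pilotGroupId) + $saasAppIds) {
    if ($id -notmatch $guid) { throw "Not a GUID, replace the placeholder: $id" }
}

$policy = @{
    displayName = 'Pilot - Conditional Access App Control for SaaS apps'  # hypothetical name
    # Report-only: the policy is evaluated and logged but not enforced, so you can
    # confirm in the sign-in logs that only pilot users match. Set to 'enabled'
    # to start routing sessions to Defender for Cloud Apps.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeGroups = @($pilotGroupId) }      # pilot scope only
        applications   = @{ includeApplications = $saasAppIds }     # one policy, all SaaS apps
        clientAppTypes = @('all')
    }
    sessionControls = @{
        cloudAppSecurity = @{
            isEnabled            = $true
            # 'mcasConfigured' defers to the session policies defined in
            # Defender for Cloud Apps; 'monitorOnly' and 'blockDownloads'
            # are the built-in alternatives.
            cloudAppSecurityType = 'mcasConfigured'
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and show the fields that matter for the pilot.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'PilotGroups'; e = { $_.Conditions.Users.IncludeGroups -join ',' } },
        @{ n = 'AppControl';  e = { $_.SessionControls.CloudAppSecurity.CloudAppSecurityType } }
```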
For more information, including supported apps and clients, see Protect apps with Microsoft Defender for Cloud Apps Conditional Access App Control.
For example policies, see Recommended Microsoft Defender for Cloud Apps policies for SaaS apps. These policies build on a set of common identity and device access policies that are recommended as a starting point for all customers.
Step 3. Try out capabilities — Walk through tutorials for protecting your environment
The Microsoft Defender for Cloud Apps documentation includes a series of tutorials to help you discover risk and protect your environment.
Try out Defender for Cloud Apps tutorials:
- Detect suspicious user activity
- Investigate risky users
- Investigate risky OAuth apps
- Discover and protect sensitive information
- Protect any app in your organization in real time
- Block downloads of sensitive information
- Protect your files with admin quarantine
- Require step-up authentication upon risky action
For more information on advanced hunting in Microsoft Defender for Cloud Apps data, see the video.