Connect Microsoft 365 with Defender for Cloud Apps

Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. Instead of being managed from a separate portal, it can now be managed from the Microsoft 365 Defender portal. You can learn more about the transition from this link.

In this article, we will look at the initial setup of Microsoft Defender for Cloud Apps (previously Microsoft Cloud App Security), connect the Microsoft 365 app connector to Microsoft Defender for Cloud Apps, and configure its basic settings. We will also create a policy to block downloads while using Microsoft 365 apps from a non-compliant / unmanaged device.

What is Microsoft Defender for Cloud Apps (MDCA)

Microsoft Defender for Cloud Apps (MDCA) is a cloud access security broker (CASB) that provides rich visibility and control over data travel, including log collection, API connectors, and reverse proxy. It provides visibility and insight into the apps and integrates natively with Microsoft solutions.

You can connect it to a Microsoft or third-party app to gather logs and analyze the data to protect the organization against cyber threats. In the next sections of this blog post, we will see how to connect Microsoft 365 with Defender for Cloud Apps.

Connect Microsoft 365 with Defender for Cloud Apps (MDCA)

Let’s check the steps to connect the Microsoft 365 app with MDCA. We will use the Microsoft 365 Defender portal to create this connection instead of the Microsoft Defender for Cloud Apps portal, because the latter is being moved to the centralized Microsoft 365 Defender portal.

Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure, including Defender for Cloud Apps.

Before we create a connection between the Microsoft 365 app and Microsoft Defender for Cloud Apps (MDCA), we will enable file monitoring for Microsoft 365 services from the Microsoft 365 Defender portal. Let’s check the steps:

1. Enable file monitoring

Follow the steps below to enable file monitoring in the Defender portal:

  • Log in to the Microsoft 365 Defender portal as Security admin/Global admin.
  • Scroll down on the portal to find Settings > Cloud Apps.
  • Scroll down to Information Protection > Files.
  • Select the Enable file monitoring check box and click Save.
Enable file monitoring for Microsoft 365

2. Connect Microsoft 365 App with Defender for Cloud Apps

After we have enabled file monitoring for Microsoft 365, the next step is to connect the Microsoft 365 application with Defender for Cloud Apps. We will use the Microsoft 365 Defender portal to create this connection.

Connect Microsoft 365 App with Defender for Cloud Apps
  • Scroll down on the page to find the App Connectors option under Connected apps.
  • Click on App Connectors > + Connect an app > Microsoft 365.
App Connector
App connectors use the APIs of application providers to communicate with the apps. These APIs give MDCA great visibility into and control over the connected applications. Please note that all communication between MDCA and connected apps is encrypted using HTTPS.
  • Select all of the following events/services for monitoring:
    • Azure AD Management events
    • Azure AD Sign-in events
    • Azure AD Apps
    • Office 365 activities
    • Office 365 files
  • Click on Connect Microsoft 365/Office 365 to create this connection.
  • A Microsoft 365 / Office 365 connection has been created. Click on Done to proceed.
  • Microsoft 365 Status will show as Connected after a few minutes.

Configure Integration of Defender for Cloud Apps with Entra ID

After you have created a connection between Microsoft 365 and Defender for Cloud Apps, you can integrate Entra ID as well. Please refer to the blog post: Setup Integration of Defender for Cloud Apps with Entra ID.

Conclusion

In this blog post, we have seen how to create a connection between Microsoft 365 and Defender for Cloud Apps. There is a lot more you can do in Microsoft Defender for Cloud Apps, from creating policies that block the download of data on non-compliant devices to monitoring and analyzing user traffic to Microsoft 365 services.
