Microsoft Defender for cloud apps is now a part of Microsoft 365 defender. Instead of managing Microsoft defender for cloud apps from a separate portal, it can now be managed from Microsoft 365 defender portal. You can learn more about the transition from this link.
In this article, we will look into the Initial setup of Microsoft defender for Cloud Apps (Previously Microsoft Cloud App Security), Connect Microsoft 365 App connector with Microsoft defender for Cloud apps, Configure its basic settings. We will also create a policy to Block Downloads while using Microsoft 365 Apps from a non-compliant / Unmanaged device.
What is Microsoft Defender for Cloud Apps (MDCA)
Microsoft Defender for Cloud Apps (MDCA) is a cloud access security broker (CASB) that provides rich visibility, control over data travel including log collection, API connectors, and reverse proxy. It provides visibility and insight into the apps and provides native integration with Microsoft Solutions.
You can connect it to Microsoft or third-party app to be able to gather the logs and analyse the data to protect the organization against any cyber theats. In the next sections of this blog post, we will see how to connect Microsoft 365 with Defender for Cloud Apps.
Connect Microsoft 365 with Defender for Cloud Apps (MDCA)
Let’s check the steps to connect Microsoft 365 App with MDCA. We will be using Microsoft 365 Defender portal for creating this connection instead of Microsoft Defender for Cloud Apps portal because Microsoft Defender for cloud apps portal is being transitioned or moved to a centralized Microsoft 365 Defender portal.
Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure including Defender for cloud apps.
Before we create a connection between Microsoft 365 app and Microsoft Defender for Cloud apps (MDCA). We will enable file monitoring on Microsoft 365 defender portal. Let’s check the steps:
1. Enable file monitoring
- Login on Microsoft 365 Defender portal as Global Administrator.
- Scroll down on the portal to find Settings > Cloud Apps.
- Scroll down to Information Protection > Files.
- Enable the check box Enable file monitoring and click on Save.
2. Connect Microsoft 365 App with MDCA
After we have enabled File monitoring in Microsoft 365/Office 365. Next step is to Connect Microsoft 365 application with Defender for Cloud Apps. We will use Microsoft 365 defender portal to create this connection.
While creating a connection with Microsoft 365, At some places you will find Microsoft 365 and at some places you will find Office 365. Both names are being used interchangeably. Could be that Microsoft has not updated Office 365 with Microsoft 365 at all places yet.
- Login on Microsoft 365 Defender portal as Global Administrator.
- Scroll down on the portal to find Settings > Cloud Apps.
- Scroll down on the page to find App Connector option under Connected apps section.
- Click on App Connectors > + Connect an app > Microsoft 365.
| App Connector |
|---|
| App connector uses APIs of application providers to communicate with the apps. APIs provides great visibilty and control to MDCA over the connected applications. Please note that all communication between MDCA and connected apps is encrypted using HTTPS protocol. |
- Select all below events / services for monitoring
- Azure AD Management events
- Azure AD Sign-in events
- Azure AD Apps
- Office 365 activities
- Office 365 files
- Click on Connect Office 365 to create this connection.
- Microsoft 365 connection has been created. Click on Done to proceed.
- Microsoft 365 Status will show as Connected after few minutes.
Configure Integration of Defender for Cloud Apps with Azure AD
After you have created a connection with Microsoft 365 with Defender for Cloud apps. You can now integrate Azure AD as well. Please check the blog post Configure Integration of Defender for Cloud Apps with Azure AD to get a step by step guide on this.
Conclusion
In this blog post, we have seen how to create a connection between Microsoft 365 and Defender for cloud apps. There is a lot more you can do on Microsoft defender for cloud apps by creating policies to block download of data on Uncompliant device to monitoring and analysing the user traffic to Microsoft 365 services.