![]() For more information, see Govern discovered apps using Microsoft Defender for Endpoint. Also, with Defender for Endpoint you can monitor applications and use the "warn and educate" capabilities. Moreover, you can scope blocking to specific device groups. If your tenant uses Microsoft Defender for Endpoint, once you mark an app as unsanctioned, it's automatically blocked. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.Īfter you've reviewed the list of discovered apps in your environment, you can secure your environment by approving safe apps ( Sanctioned) or prohibiting unwanted apps ( Unsanctioned) in the following ways. Optionally, specify the app's Business unit.Īssign a risk Score and add App Notes to help you track changes for this record.Īfter the app is created, it's available for you in the Cloud App Catalog.Īt any time, you can select the three dots at the end of the row to edit or delete a custom app.Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. If the data source you're using doesn't have app URL information, make sure you fill in the IPv4 and IPv6 address fields.Īdd the Hosting platform and Azure Subscription ID. These domains are used to match traffic log messages to this app. Under Domains, fill in the unique domains that are used when accessing the custom app. In the top right corner, select the Action menu and then select Add new custom app.įill in the fields to define the new app record that will be listed in the Cloud App Catalog and in Cloud Discovery after it's discovered in your firewall logs. You should see the Cloud Discovery dashboard. In the Microsoft 365 Defender portal, under Cloud Apps, select Cloud Discovery. To gain visibility into cloud apps that are excluded from the Cloud App Catalog, Defender for Cloud Apps enables you to discover use of custom cloud apps (LOB apps) that were developed or assigned specifically for your organization.īy adding a new custom cloud app, Defender for Cloud Apps can match uploaded firewall and proxy traffic log messages to the app and then provide you with visibility into the use of this app across your organization in the Cloud Discovery pages, such as how many users use the app, how many unique source IP addresses use it, and how much traffic is transmitted to and from the app. The catalog contains publicly available cloud apps only, for which Defender for Cloud Apps provides visibility and risk information. Over 31,000 cloud apps are in the Cloud App Catalog. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.Ĭloud Discovery analyzes your traffic logs against the Defender for Cloud Apps catalog. Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |