You're reading from Microsoft 365 Security and Compliance for Administrators

Product type: Book
Published in: Mar 2024
Publisher: Packt
ISBN-13: 9781837638376
Edition: 1st Edition
Authors (2):

Sasha Kranjac

Sasha Kranjac has been recognized as a Microsoft Regional Director (RD) and a Microsoft Most Valuable Professional (MVP) in two categories (Azure and Security). He is a Microsoft Certified Trainer (MCT), MCT Regional Lead, Certified EC-Council Instructor (CEI), CompTIA Instructor, speaker at international conferences, user groups, and events, and a book author on cloud security, Microsoft Azure, Microsoft 365, and Windows Server. Sasha is the CEO of Kloudatech, an IT training and consulting company, a Microsoft Partner, an AWS Partner, and a CompTIA Authorized Delivery Partner, specializing in cybersecurity, cloud security architecture, and IT training. They deliver high-quality vendor and custom IT training and PowerClass Workshops internationally. He is also the CEO of Kranjac Consulting and Training, a consulting, training, and engineering company specializing in civil engineering and CAD design.

Omar Kudović

Omar Kudović works as a Senior System Engineer at SYS Company d.o.o. Sarajevo. He has a few professional Microsoft certifications, such as Security Expert: Cybersecurity Architect and Azure Enterprise Expert. For the last 12 years, he has been awarded the Microsoft Most Valuable Professional (MVP) award in the Office 365 Apps and Services category. For the past few years, he has been actively working on the application of Microsoft Security and Compliance solutions in government and business organizations. He has participated as a lecturer at hundreds of IT conferences around the world. In private life, he is a passionate music collector and audiophile.

Microsoft Defender for Cloud Apps

In our increasingly digital world, where businesses and organizations rely on cloud-based applications and services for their daily operations, ensuring the security of data and applications in the cloud has become a top priority. This is where Microsoft Defender for Cloud Apps steps in as a guardian of your cloud-based assets, helping you navigate the complex landscape of cloud security threats and challenges. This chapter serves as your entry point into the realm of Microsoft Defender for Cloud Apps, offering a comprehensive introduction to its essential concepts, core features, and its vital role in safeguarding your cloud-based environment and SaaS applications.

As we delve into this chapter, we will explore the fundamental principles that underlie Microsoft Defender for Cloud Apps, its integration with various cloud platforms, and how it empowers organizations to proactively detect, analyze, and respond to cloud-based threats. We will be covering...

Introducing Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps is a cloud-native security solution that provides advanced threat protection for your SaaS applications. It is designed to help organizations secure their cloud-based assets and protect them against a wide range of cyber threats, such as malware, phishing, ransomware, and other attacks.

Microsoft Defender for Cloud Apps is part of Microsoft Defender XDR, which includes Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Defender for Identity. These solutions work together to provide a comprehensive, integrated approach to security that spans across endpoints, applications, identities, and data. With Microsoft Defender for Cloud Apps, organizations can gain visibility of the security of their cloud applications and services, detect and respond to threats in real time, and enforce security policies and controls to protect against unauthorized access and data breaches.

One...

Technical and license requirements

Microsoft Defender for Cloud Apps is a cloud-native security solution that provides visibility of your cloud applications and detects and blocks threats targeting your cloud environment. The technical and license requirements for Microsoft Defender for Cloud Apps are as follows:

Technical requirements:

  • Supported cloud services: Microsoft Defender for Cloud Apps currently supports these major cloud services: Microsoft 365, Google Workspace, Salesforce, Box, Dropbox, Citrix ShareFile, ServiceNow, and many more
  • Supported operating systems: Microsoft Defender for Cloud Apps can be used on any operating system that supports a modern web browser
  • Required permissions: To use Microsoft Defender for Cloud Apps, you must have the necessary permissions to connect to your cloud applications and to configure security policies

License requirements:

  • Microsoft 365 E5 or Microsoft 365 E5 Security: Microsoft Defender for Cloud Apps...

Configuring Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps is a cloud-native security solution that helps organizations protect their cloud applications and services from cyber threats. Cloud Discovery is one of the key features of Microsoft Defender for Cloud Apps, which allows organizations to discover and gain visibility of their cloud apps and services. It offers advanced threat protection capabilities, including behavioral analytics, machine learning, and security intelligence, to detect and prevent cloud-based attacks.

Cloud apps have become an integral part of modern-day organizations, making it essential to monitor and manage their usage. Microsoft offers two solutions for discovering and monitoring cloud apps in an organization’s environment: Microsoft Defender for Cloud Apps and Cloud App Discovery.

Cloud App Discovery works by analyzing network traffic between client devices and cloud applications to identify which cloud apps and services...

Managing OAuth applications with Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps allows you to manage OAuth apps for your organization. OAuth apps are third-party applications that access your organization’s data using OAuth tokens. But what is an OAuth app?

OAuth (short for Open Authorization) is a standard protocol that allows users to grant third-party applications access to their resources without sharing their credentials. An OAuth app, also known as an OAuth client, is a third-party application that uses OAuth to access protected resources on behalf of the user. When a user grants an OAuth app access, the app receives an access token that allows it to access specific resources, such as data or services, without the user having to share their username and password. This access token is typically short-lived and can be revoked by the user at any time.

OAuth apps are commonly used by cloud services and web applications to access user data stored...
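
As an added illustration of the consent model described above (not code from the book or from Microsoft), the following Python sketch triages OAuth consent grants by how much access they give and how long that access persists. The records are constructed samples shaped like Microsoft Graph oauth2PermissionGrant objects; the `appName` field, the set of scopes treated as high privilege, and the three risk levels are assumptions of this example.

```python
import json

# Assumption of this example: the scopes treated as high privilege below are
# an illustrative choice, not Defender for Cloud Apps' own permission levels.
HIGH_PRIVILEGE = {"Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
                  "Directory.ReadWrite.All"}
ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample data shaped like Microsoft Graph oauth2PermissionGrant
# objects; "appName" is a hypothetical field added for readability.
SAMPLE_GRANTS = json.loads("""[
 {"clientId": "app-1", "appName": "Calendar Helper", "consentType": "Principal",
  "principalId": "user-7", "scope": "User.Read Calendars.Read"},
 {"clientId": "app-2", "appName": "Mail Sync Pro", "consentType": "Principal",
  "principalId": "user-3", "scope": " Mail.ReadWrite Mail.Send offline_access"},
 {"clientId": "app-3", "appName": "Org Chart Viewer", "consentType": "AllPrincipals",
  "principalId": null, "scope": "User.Read.All"},
 {"clientId": "app-4", "appName": "Backup Tool", "consentType": "AllPrincipals",
  "principalId": null, "scope": "Files.ReadWrite.All Directory.ReadWrite.All"}
]""")


def triage(grants):
    """Return one finding per grant, most urgent first."""
    findings = []
    for grant in grants:
        # scope is a space-separated string and may carry stray whitespace
        scopes = set((grant.get("scope") or "").split())
        risky = sorted(scopes & HIGH_PRIVILEGE)
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        # offline_access yields refresh tokens, so access outlives one token
        persistent = "offline_access" in scopes
        if risky and (tenant_wide or persistent):
            level = "high"
        elif risky or tenant_wide:
            level = "medium"
        else:
            level = "low"
        findings.append({"app": grant.get("appName", grant["clientId"]),
                         "level": level, "risky_scopes": risky,
                         "tenant_wide": tenant_wide, "persistent": persistent})
    return sorted(findings, key=lambda f: (ORDER[f["level"]], f["app"]))


if __name__ == "__main__":
    for finding in triage(SAMPLE_GRANTS):
        print(finding)
```

The `persistent` flag matters because a short-lived access token is only a limited safeguard when the app also holds a refresh token; revoking the grant is what ends the access.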

Managing files in Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps allows organizations to provide protection and visibility for cloud-based applications and services. It allows you to manage and monitor file activities in your cloud applications, including OneDrive, SharePoint, Exchange Online, and Teams. You can simply create different policies for different purposes and manage activity for all your files stored online in a Microsoft 365 environment. You can create a policy to manage files in Microsoft Defender for Cloud Apps by following these steps:

  1. Sign in to the Microsoft Defender Security Center (https://securitycenter.windows.com/).
  2. In the left-hand pane, click on Cloud apps and then click on Files:
Figure 6.27 – Managing files in MDCA

  3. On the Files management page, click on Select a query to view the list of predefined queries. Use Advanced filters on the right side if you need more options for search...

Managing the activity log in Microsoft Defender for Cloud Apps

If you are already creating policies for managing files in Microsoft Defender for Cloud Apps, you can also create a policy for monitoring different activities on selected files. Microsoft Defender for Cloud Apps provides an activity log that allows you to monitor and review events and activities performed in your cloud environment. Here are the steps to manage the activity log in Microsoft Defender for Cloud Apps:

  1. Open the Microsoft Defender for Cloud Apps portal (the portal is located in the Security Admin Center) and sign in with your credentials.
  2. In the left navigation menu, select Activity log.
Figure 6.34 – Activity log in MDCA

  3. On the Activity log page, you can filter the events based on date, severity, category, or service. Click on Select a query to choose one of the options for a quick overview.
Figure 6.35 – Select a query

Governance log

The governance log in Microsoft Defender for Cloud Apps is a feature that enables administrators to track all administrative activities performed in the Defender for Cloud Apps portal. The governance log records events related to policy configurations, user and group management, and other administrative tasks, providing a detailed audit trail of all the changes made in the portal. This log is an essential component of a comprehensive cloud app security strategy, allowing organizations to monitor and investigate administrative activities in the portal and detect any suspicious or unauthorized activities.

The governance log captures various types of events related to the administration of Defender for Cloud Apps, including the following:

  • Policy management: Events related to policy creation, modification, deletion, and assignment, including changes to policy settings and configurations
  • User and group management: Events related to user and group creation,...

Microsoft Defender for Cloud Apps policies

Microsoft Defender for Cloud Apps provides a comprehensive set of preconfigured policies to help organizations secure their Microsoft cloud environment. Policies are a set of rules and configurations that define how Microsoft Defender for Cloud Apps works and what actions it takes when it detects a security threat or vulnerability. Keep in mind that Microsoft Entra ID protection policies have been removed from the Defender for Cloud Apps policy list.

Figure 6.44 – MDCA policies

Microsoft Defender for Cloud Apps provides a wide range of preconfigured policies that organizations can use to secure their Microsoft cloud environment. The best policies to use with Microsoft Defender for Cloud Apps may vary depending on the specific needs and security requirements of an organization. Here is a small selection of predefined Microsoft Defender for Cloud Apps policies that you can use:

  • Suspicious inbox forwarding...

Summary

In today’s cloud-centric world, securing cloud applications and services has become a top priority for organizations. Microsoft Defender for Cloud Apps is a cloud-native security solution that can help organizations secure their Microsoft cloud environments against various cyber threats. It provides advanced security features, such as real-time protection, vulnerability assessments, and compliance management, which can significantly enhance an organization’s security posture.

Even though Microsoft Defender for Cloud Apps is a cloud-native security solution that helps organizations secure their cloud applications and services against various cyber threats, it is important to know the limitations of this service. Microsoft Defender for Cloud Apps provides protection for Microsoft cloud applications and services as well as different third-party applications that are widely used by organizations. Organizations should carefully evaluate their security needs and...
