Getting Started with Microsoft Defender for Cloud Apps
Ғылым және технология
This time I take a look at getting started with Microsoft Defender for CloudApps which is a critical tool in Microsoft 365 security for not only, discovering shadow IT, but also hunting for anomalies and investigating users and apps. A must if you use tools like Intune and Endpoint Manager. As always if you enjoy the video please hit the like & subscribe buttons. Also, any questions please pop them down below. Please note I've also included Timecodes with this video, so you can jump directly to an area of interest. Enjoy :-)
Please visit my website www.Andymalone.org
Timecodes
00:00 Start
01:50 Demo Begins - Endpoint Manager / Intune
03:01 Discovering Shadow IT - CloudApp Discovery
03:33 CloudApp Catalog & Risk Scoring
07:14 Exploring the CloudApp Discovery dashboard
08:55 Sanctioning / Un-sanctioning Apps
13:23 Investigating & Analysing User & App anomalies
18:06 Controlling Apps using Policies & Templates
21:36 Managing incidents with Power Automations
23:38 Managing Alerts
26:11 Enabling Microsoft Defender for Identity
26:35 Session conclusion
Пікірлер: 87
Clear and crisp explanation without beating around bush. You are awesome :)
@AndyMaloneMVP
2 жыл бұрын
Aw thanks so much and great to have you on board 😊
Thank you for the CLEAR and in-depth explanation !
@AndyMaloneMVP
2 жыл бұрын
You’re very welcome and thanks for dropping by.😀
Thank you Andy for the amazing effort!
@AndyMaloneMVP
2 жыл бұрын
Thanks so much for the kind comment, I really appreciate it and great to have you on board
I really like to pace of the demo, anyone can easily listen and digest quickly. Very well done.
@AndyMaloneMVP
2 жыл бұрын
Thanks so much I really appreciate that👍 and welcome to my channel 😀
Favorite comment includes any time you say “this rocks by the way!” Awesome. You Rock Andy! Happy new year!!
@AndyMaloneMVP
2 жыл бұрын
Aw thanks and so do you 👏👏😀
Excellent video, very practical examples. Thanks a lot!
@AndyMaloneMVP
2 жыл бұрын
You are welcome, and thanks for dropping by :-)
Hi Andy, You are one of the best tutor I have ever seen. I am glad that I have found you on youtube. I am getting real benefit in my profession from your resourceful videos. Please carry on helping people
@AndyMaloneMVP
9 ай бұрын
Thanks so much I really appreciate that😊👍
Excellent video thank you!
This video is perfect! Thank you much and Congrats!
@AndyMaloneMVP
2 жыл бұрын
Thanks Laura for your kind comments. I really appreciate it. I’m delighted also that you’re enjoying my videos. All the best, Andy
Excellent video. Thank you!!!
@AndyMaloneMVP
2 жыл бұрын
You’re very welcome, and thank you👍😊
Thank you so much. I am learning lot from your channel. You are definitely one of the best instructor.
@AndyMaloneMVP
2 жыл бұрын
Aw how kind thanks so much and I’m delighted to have you onboard 👍😊
Great video, covered them features in simple and clear way. Thank you!
@AndyMaloneMVP
11 ай бұрын
You’re very welcome 👍
Wow Thank you so much. Great content!
@AndyMaloneMVP
Жыл бұрын
You’re very welcome 🎉👍
Great video, Thank you for sharing.
@AndyMaloneMVP
Жыл бұрын
Thanks for watching!
Great insights on MS Defender for cloud apps. Thanks and cheers !!!
@AndyMaloneMVP
5 ай бұрын
My pleasure!
Hey Andy, That was great content. appreciate ur work.:)
@AndyMaloneMVP
2 жыл бұрын
You’re very welcome and it’s great to have you on board.👍
Excellent knowledge
I attended an office365 course and cert about 8 or 9 yeas ago. It changed my life to your teachings and I am now a consultant and specialising in o365 and mdm management. Another great video and thanks for the clean tand precise teaching you deliver
@AndyMaloneMVP
Жыл бұрын
Hi Dan, Aw what a lovely thing to say. I’m delighted to hear a success story like this. Congratulations on your career, I wish you great success and it was an absolute pleasure. Great to have you on board and thanks for the kind comment.👍😊
@danridgewall3563
Жыл бұрын
@@AndyMaloneMVPNo problem at all, and thanks again. i got the interview of a lifetime coming up so refreshing with your videos :)
@AndyMaloneMVP
Жыл бұрын
@@danridgewall3563 the best of luck my friend. Let me know how it goes😊👍
Thank You. helped me alot!
@AndyMaloneMVP
Жыл бұрын
Delighted to it👍
Thank you so much sir...it is very clear and easy
@AndyMaloneMVP
Жыл бұрын
You are most welcome
Very very useful and nice explanation.
@AndyMaloneMVP
2 жыл бұрын
You’re very welcome and thanks for the kind comment.👍😊
Love it.
@AndyMaloneMVP
2 жыл бұрын
Thank you kindly
great work
@AndyMaloneMVP
2 жыл бұрын
Thanks I appreciate that
Nice!
@AndyMaloneMVP
2 жыл бұрын
Thanks
Thankyou Sir
Good job , you need to do more indepth MCAS/MDCA. You got this art of making things so simple and comprehensible..
@AndyMaloneMVP
2 жыл бұрын
Thanks Jenney for your kind comment, I’ll take a look at that for you in due course. All the best, Andy
ありがとうございます👏
What a great videos. It saved me a lot of time from reading the Microsoft docs.
@AndyMaloneMVP
2 жыл бұрын
Great to hear from you and thanks for the nice comment, it’s very much appreciated.
Thank you for the awesome video1 I went through it from beginning to the end and it helped me a lot to understand it. I do have a few questions if I may? (as I don't currently have access to any demo environment to play around to understand) - What if there are some cloud services that M defender 365 CAN'T DETECT? say, not on their 31000 list. How can Defender do to detect those? - Is it more for real-time monitoring? But, what if I want to download the data and do some analysis, say, to find out all the (API connection excluded) web traffic and figure out what type of structured data has been transferred during a chosen period of time - is there any module of Defender can help? Not sure if you'll see these questions, but thanks heaps in advance!
@AndyMaloneMVP
Жыл бұрын
Defender uses AI and machine learning to detect behavioural anomalies. Anything, that wouldn’t look right, would get picked up.
Great vid, thanks :) Have a question, I presume the Discovery funcationality only picks up apps (shadow IT) used by AAD managed accounts? Or can it discover apps used by other (e.g. private) accounts on a managed endpoint?
@AndyMaloneMVP
2 жыл бұрын
Initially Microsoft based on 365 & Azure. But you can connect to MANY 3rd party platforms inc, Google, Amazon, Salesforce etc etc. You can also install connectors on premise to capture an analyse data running on internal apps.
@markusj4729
2 жыл бұрын
@@AndyMaloneMVP Thank you for the response. So lets say you work on a company device/endpoint, and use your personal Gmail or Dropbox - will mcas block that (based on IP maybe) or does it only block apps where you use work account (via Azure AD)? :) Thanks
A very clear information. Request more lessons from you on security front on M365
@AndyMaloneMVP
2 жыл бұрын
You’re very welcome absolutely there’s plenty more coming soon
Thank you for the video. How would Defender for Cloud Apps block users from using certain apps (12:08), especially 3rd party? Is it connected to Endpoint Defender and stops a user from logging in somewhere or how can I imagine this?
@AndyMaloneMVP
Жыл бұрын
You can block any discovered apps via a combination of Defender for cloudapps. docs.microsoft.com/en-us/defender-cloud-apps/governance-discovery
Thank you for the overview of this service. I do have a question: How do I integrate the exclusion groups from 365 Defender (ie: facebook) into MSDef for CA --group that is unsanctioned. I am having a difficult time trying to figure this one out. Any help will be appreciated!
@AndyMaloneMVP
Жыл бұрын
Hi Jan, thanks for the question. To be honest I think you better ask this question on the Microsoft tech community. I think he would get a faster response to be honest. My technical support capabilities are limited because of time. The best of luck and thanks again
So much informatorom and so well put! I still have 2 questions though: 1. what’s the difference between discovered apps and cloud app catalog? 2. How can I get a report / export the cloud app catalog? Thank you ☺️
@AndyMaloneMVP
Жыл бұрын
Discovered apps are the result of a collection process. The cloudapp catalog is a database of all vendor apps.
@OrangeJess
Жыл бұрын
@@AndyMaloneMVP thanks so much! Is there a way to export the cloud app catalog?
Create video , really thank you . have a question :how do we add exchange and teams to Conditional access app control I add them, but the setup is incorrect asking me all the time to continue setup please help with it, to configure this step, I searched all the internet cannot find the wright way it always asking for SAML file which i don't have experience all what I need is to make a conditional access session access linked to defender for cloud app could I have your email to send you screen shout of my problem .
@AndyMaloneMVP
2 жыл бұрын
Yous seems to be a specific question. For this I would recommend that you have a look at the docs.microsoft.com site as I believe all the settings are explained here.
How do we enable this so it shows the Apps, we have turned on the integration under advanced features, but still asks us to create a report and is totally blank compared to your example.
@AndyMaloneMVP
2 жыл бұрын
The example that I’m using for my demo has been preloaded with data. The idea of running a report will allow it to collect information on the apps that you are running in your environment. I recommend that you take a look at the getting started guide on toast on microsoft.com. The best of luck and thanks for reaching out.
Good day, Andy. How to delete app from app connector menu?
@AndyMaloneMVP
2 жыл бұрын
You can’t. Only block it. Actually as I write this I think you can do it via PowerShell.
Not getting Cloud discovery dashboard option under Discover
@AndyMaloneMVP
2 жыл бұрын
Are you licensed and have the permissions.
What license do you need to get this working? When adding the Microsoft Defender for Cloud Apps and adding this license to userr, i still do no see activity (login for exampe) for other users. Only myself. Also my Discover Dashboard is empty. I only have Cloud app catalog.
@AndyMaloneMVP
Жыл бұрын
All users have to be licensed.
@marcelbruijniks4304
Жыл бұрын
@@AndyMaloneMVP They are and I do see them in Users. I have added the license to users that need to be monitored. In your demo the Discover screen shows far more options then mine. What more do I need to do or add to get this working? Thanks.
@AndyMaloneMVP
Жыл бұрын
@@marcelbruijniks4304 the options you see delivery end upon the licence you’re using. In my demo I’m using an E5 & EM&S
@sachinmalhotra231
Ай бұрын
Hi @andy do you have any complete course for casb
how does microsoft casb perform outside of microsoft suite ?
@AndyMaloneMVP
Жыл бұрын
It's fabulous. It looks at all apps, and you can extend its capabilities with connectors to AWS, Google and sooooo many more.
I have been confused for months with this Microsoft terminology in Defender for Cloud Apps. Why does "sanctioned" mean "allow" and unsanctioned mean "block" in the eyes of Microsoft? I mean we all know what sanctioned and unsanctioned mean but it should be the other way around or I am missing something here
@karins.5807
Ай бұрын
Sanction is a strange choice of terminology because it has opposing meanings. It can mean “to authorize” or it can mean “to impose a penalty for disobeying a law or rule”. In this case, it’s the former.
@Noursbear
Ай бұрын
@@karins.5807 OK thanks...Cheers....
Sarita is the wife of bad😊 neighbour