Turn on app governance for Microsoft Defender for Cloud Apps
This article describes how to turn on Microsoft Defender for Cloud Apps app governance.
Note
By default, the Microsoft Defender for Cloud Apps instance in the US Government environments cannot connect to resources in Azure commercial and is FedRAMP compliant. However, App Governance is not FedRAMP compliant. Enabling App Governance would allow data to flow non-FedRAMP certified environments.
Prerequisites
Before you start, verify that you satisfy the following prerequisites:
Microsoft Defender for Cloud Apps must be present in your account as either a standalone product or as part of the various license packages.
If you aren't already a Defender for Cloud Apps customer, you can sign up for a free trial.
You must have one of the appropriate roles to turn on app governance and access it.
Your organization's billing address must be in a region other than Brazil, Singapore ,Latin America, South Korea, Switzerland, Norway, South Africa, Sweden or United Arab Emirates.
Your organization must use the commercial cloud, and not a government cloud. App governance isn't yet available in government clouds.
Turn on app governance
If your organization satisfies the prerequisites, go to Microsoft Defender XDR > Settings > Cloud Apps > App governance and select Use app governance. For example:
After you've signed up for app governance, you'll need to wait up to 10 hours to see and use the product.
If you're unable to see the app governance option in the settings page, it might be due to one or more of the following reasons:
App governance isn't yet supported in your region.
Your organization is in a government cloud.
We're unable to serve you at the moment due to capacity constraints.
You can join the waitlist and provide your consent, so that we can turn on app governance for your organization automatically when app governance becomes available for you. When we turn on app governance, we'll notify you by email.
For example:
Licensing
App governance is available to organizations with a valid Defender for Cloud Apps license. For more information, see the Microsoft 365 licensing datasheet.
Roles
You must have one of these roles to turn on app governance:
- Global Admin
- Company Admin
- Security Admin
- Compliance Admin
- Compliance Data Admin
- Cloud App Security admin
The following table lists the app governance capabilities for each role.
| Role | Read the dashboard | Read all apps | Read policies | Create, update, or delete policies | Read alerts | Update alerts | Read settings | Update settings | Read Remediation | Update Remediation |
|---|---|---|---|---|---|---|---|---|---|---|
| Company or Global Administrator |  |
|
|
|
|
|
|
|
|
|
| Compliance Administrator | |
|
|
|
|
|
|
|
|
|
| Compliance Data Administrator | |
|
|
|
|
|
|
|
|
|
| Global Reader | |
|
|
|
|
|||||
| Security Administrator | |
|
|
|
|
|
|
|
|
|
| Security Operator | |
|
|
|
|
|
|
|
|
|
| Security Reader | |
|
|
|
|
|
||||
For more information about each role, see Administrator role permissions.
Note
App governance alerts will not flow to Microsoft Defender XDR or show up in app governance until you have provisioned both Defender for Cloud Apps and Microsoft Defender XDR by accessing their respective portals at least once.
Next steps
Feedback
Kommer snart: I hele 2024 udfaser vi GitHub-problemer som feedbackmekanisme for indhold og erstatter det med et nyt feedbacksystem. Du kan få flere oplysninger under: https://aka.ms/ContentUserFeedback.
Indsend og få vist feedback om