Cloud Discovery API

Note

Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender and can be accessed through its portal at: https://security.microsoft.com. Microsoft 365 Defender correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities. It improves your operational efficiency with better prioritization and shorter response times which protect your organization more effectively. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

Cloud Discovery APIs allow developers to automate log uploads, list and interact with discovered apps, and generate block scripts for enforcement by a firewall or a Security Web Gateway.

Automate log updates

Cloud Discovery APIs for automating log uploads enable you to upload files generated by your firewall or Security Web Gateway to find Shadow IT in your cloud environment and list discovered cloud apps.

Use the Cloud Discovery API to automate the uploading of your company's discovery log files. The file upload process consists of the following 3 API endpoints which must be called consecutively.

• Initiate file upload
• Perform file upload
• Finalize file upload

List continuous reports and categories

As part of its Cloud Discovery solution, Defender for Cloud Apps uses continuous reports. These reports represent an automatic log upload from a specific data source (such as your Microsoft Defender for Endpoint devices). Each continuous report contains the following:

• Discovered apps: All apps found in the specified continuous report
• Categories: All app categories associated with the specified continuous report

You can use the following API endpoints to work with continuous reports.

• List continuous reports
• List continuous report categories

Blocking unsanctioned applications using a firewall or Security Web Gateway

Defender for Cloud Apps enables you to block access to unsanctioned apps by using your existing on-premises security appliances. Use the Generate block script call to get a dedicated block script and import it to your appliance.

• Generate block script

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.