Microsoft Defender for Cloud Apps in Microsoft Defender XDR
Applies to:
Microsoft Defender for Cloud Apps is now part of Microsoft Defender XDR. The Microsoft Defender portal allows security admins to perform their security tasks in one location. This simplifies workflows, and adds the functionality of the other Microsoft Defender XDR services. Microsoft Defender XDR will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure.
SOC analysts will be able to triage, investigate and hunt across all Microsoft Defender XDR workloads, including cloud apps.
Defender for Cloud Apps alerts will continue to appear in Microsoft Defender XDR's incidents queue and alerts queue, but now with relevant content inside the alert pages available in the Microsoft Defender portal, in a unified format with the proper adaptations to each alerts type. For more information, see Investigate incidents in Microsoft Defender XDR.
Take a look in Microsoft Defender XDR at https://security.microsoft.com.
Learn more about the benefits: Overview of Microsoft Defender XDR.
Quick reference
The images and the tables below list the changes in navigation between Microsoft Defender for Cloud Apps and Microsoft Defender XDR.
Discover
Defender for Cloud Apps | Microsoft Defender XDR |
---|---|
Cloud Discover dashboard | Cloud apps -> Cloud discovery |
Discovered Apps | tab on Cloud Discovery page |
Discovered resources | tab on Cloud Discovery page |
IP addresses | tab on Cloud Discovery page |
Users | tab on Cloud Discovery page |
Devices | tab on Cloud Discovery page |
Cloud app catalog | Cloud apps -> Cloud app catalog |
Create Cloud Discovery snapshot report | On the Cloud Discovery page, under Actions |
Investigate
Defender for Cloud Apps | Microsoft Defender XDR |
---|---|
Activity log | Cloud apps -> Activity log |
Files | Cloud apps -> Files |
Users and accounts | Assets -> Identities |
Security configuration | available in Microsoft Defender for Cloud |
Identity security posture | Microsoft Defender for Identity's identity security posture assessments |
OAuth apps | Cloud apps -> OAuth apps |
Connected apps | Settings -> Cloud apps -> Connected apps |
Control
Defender for Cloud Apps | Microsoft Defender XDR |
---|---|
Policies | Cloud apps -> Policy management. Note: Microsoft Entra ID Protection policies will be removed gradually from the Cloud apps policies list. To configure alerts from these policies, see Configure Microsoft Entra IP alert service |
Templates | Cloud apps -> Policy templates |
Settings
Defender for Cloud Apps | Microsoft Defender XDR |
---|---|
Settings | Settings -> Cloud apps |
Settings/Governance log | Cloud apps -> Governance log |
Security extensions -> Playbooks | Settings -> Cloud apps |
Security extensions -> SIEM agents | Settings -> Cloud apps |
Security extensions -> External DLP | Settings -> Cloud apps |
Security extensions -> API tokens | Settings -> Cloud apps |
Manage admin access -> Admin roles | Permissions-> Cloud apps-> Roles |
Manage admin access -> Activity privacy permissions | Permissions-> Cloud apps-> Activity privacy permissions |
Exported reports | Reports -> Cloud apps -> Exported reports |
Scoped deployment and privacy | Settings -> Cloud Apps -> Scoped deployment and privacy |
Connected Apps / App connectors | Settings -> Cloud Apps -> Connected apps -> App Connectors |
Conditional Access App Control | Settings -> Cloud apps -> Connected apps -> Conditional Access App Control apps |
IP address ranges | Settings -> Cloud apps |
User groups | Settings -> Cloud apps |
The capabilities on the following pages are fully integrated into Microsoft Defender XDR, and therefore don't have their own standalone experience in Microsoft Defender XDR:
- Settings > Microsoft Entra ID Protection
- Settings > App Governance
- Settings > Microsoft Defender for Identity
What's changed
Learn about the changes that have come with the integration of Defender for Cloud Apps and Microsoft Defender XDR.
Global search
Global search in Microsoft Defender XDR (using the search bar at the top of the page) now includes an additional searchable entity: it allows you to search for connected apps in Defender for Cloud Apps.
Assets and identities
As part of the creation of a dedicated Assets section that spans the entire Microsoft Defender XDR experience, the Users and Accounts section of Defender for Cloud Apps is rebranded as the Identities section. No changes to functionality are expected.
Redirection from the classic Microsoft Defender for Cloud Apps portal to Microsoft Defender XDR
Customers still using the classic Microsoft Defender for Cloud Apps portal are all automatically redirected to Microsoft 365, and customers using preview features with the classic portal now have no option to switch back. If you're not using preview features, admins can still update the redirect setting as needed to continue using the classic Defender for Cloud Apps portal.
Note
If something isn't working for you or if there's anything you're unable to complete through Microsoft Defender XDR, we want to hear about it. If you've encountered any issues with redirection, we encourage you to let us know by using the Give feedback submission form.
To revert to the former Microsoft Defender for Cloud Apps portal:
Sign in to Microsoft Defender XDR as a Global administrator, Security administrator, or Cloud App Security administrator in Azure Active directory, or a local global admin in Microsoft Defender for Cloud Apps.
Make sure that you don't have Preview features turned on for your tenant. For more information, see Microsoft Defender XDR preview features.
Navigate to Settings > Cloud Apps > System > Redirection to Microsoft Defender XDR or go directly to the Redirection setting.
Toggle the Automatic redirection setting to Off.
Once toggled off, accounts are no longer routed to security.microsoft.com. Active user sessions are not terminated, and the updates are applied only after the user ends their current session or opens a new tab.
The update might take effect almost immediately in some accounts, but may take longer to propagate to every account in your organization. This setting can be turned back on again at any time.
Related videos
Learn how to protect your cloud apps in Microsoft Defender XDR:
Protecting cloud apps in Microsoft Defender XDR:
Defender for Cloud Apps in Microsoft Defender XDR for customers migrating from the classic portal
Related information
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for