Defender for Cloud Apps
Microsoft Defender for Cloud Apps gives you visibility into your cloud apps and services, provides sophisticated analytics to identify and combat cyberthreats and enables you to control how your data travels.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Power Automate | Standard | All Power Automate regions except the following: - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Standard | All Power Apps regions except the following: - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Microsoft |
URL | Microsoft Power Automate Support Microsoft Power Apps Support |
Connector Metadata | |
---|---|
Publisher | Microsoft |
Website | https://www.microsoft.com/microsoft-365/enterprise-mobility-security/cloud-app-security |
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
API Key | securestring | The API Key for this api | True |
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
[DEPRECATED] Dismiss Defender for Cloud Apps alert |
Dismiss Defender for Cloud Apps alert by alert ID (deprecated version) |
[DEPRECATED] Resolve Defender for Cloud Apps alert |
Resolve Defender for Cloud Apps alert by alert ID (deprecated version) |
Close Defender for Cloud Apps alert as benign |
Close Defender for Cloud Apps alert by alert ID as benign |
Close Defender for Cloud Apps alert as false positive |
Close Defender for Cloud Apps alert by alert ID as false positive |
Close Defender for Cloud Apps alert as true positive |
Close Defender for Cloud Apps alert by alert ID as true positive |
Disable Defender for Cloud Apps policy |
Disable Defender for Cloud Apps policy by policy ID |
Enable Defender for Cloud Apps policy |
Enable Defender for Cloud Apps policy by policy ID |
Get Defender for Cloud Apps activities |
Get Defender for Cloud Apps activities performed by Microsoft Entra ID user ID |
Get Defender for Cloud Apps open alerts |
Get Defender for Cloud Apps open alerts |
Get Defender for Cloud Apps policy |
Get Defender for Cloud Apps policy by policy ID |
Tag app as sanctioned |
Tag app as sanctioned by app ID |
Tag app as unsanctioned |
Tag app as unsanctioned by app ID |
Dismiss Defender for Cloud Apps alert by alert ID (deprecated version)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
eq
|
eq | True | array of string |
eq |
Dismissal comment
|
comment | string |
Comment |
Resolve Defender for Cloud Apps alert by alert ID (deprecated version)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
eq
|
eq | True | array of string |
eq |
Resolution comment
|
comment | string |
Comment |
Close Defender for Cloud Apps alert by alert ID as benign
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
eq
|
eq | True | array of string |
eq |
Resolution comment
|
comment | string |
Comment |
Close Defender for Cloud Apps alert by alert ID as false positive
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
eq
|
eq | True | array of string |
eq |
Resolution comment
|
comment | string |
Comment |
Close Defender for Cloud Apps alert by alert ID as true positive
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
eq
|
eq | True | array of string |
eq |
Resolution comment
|
comment | string |
Comment |
Disable Defender for Cloud Apps policy by policy ID
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Provider policy ID
|
policy_id | True | string |
Enter provider policy ID... |
Enable Defender for Cloud Apps policy by policy ID
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Provider policy ID
|
policy_id | True | string |
Enter provider policy ID... |
Get Defender for Cloud Apps activities performed by Microsoft Entra ID user ID
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Limit
|
limit | integer |
Enter limit... |
|
Microsoft Entra ID User ID
|
id | True | string |
Enter Microsoft Entra ID User ID... |
Returns
- Activities
- ActivitiesAPIResult
Get Defender for Cloud Apps open alerts
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Limit
|
limit | integer |
Enter limit... |
Returns
- Open alerts
- AlertsAPIResult
Get Defender for Cloud Apps policy by policy ID
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Provider policy ID
|
policy_id | True | string |
Enter provider policy ID... |
Returns
- Policy
- PolicyAPIResult
Tag app as sanctioned by app ID
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Cloud Application
|
app_id | True | integer |
Enter Cloud Application ID... |
Tag app as unsanctioned by app ID
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Cloud Application
|
app_id | True | integer |
Enter Cloud Application ID... |
When an alert is generated |
Triggers when a Defender for Cloud Apps alert is generated. After configuring your flow, go to the Defender for Cloud Apps policy page, and specify this flow in one of your policies. |
Triggers when a Defender for Cloud Apps alert is generated. After configuring your flow, go to the Defender for Cloud Apps policy page, and specify this flow in one of your policies.
Returns
Name | Path | Type | Description |
---|---|---|---|
Version
|
Version | string |
The version of the alert schema |
VendorName
|
VendorName | string |
The name of the vendor that raised the alert |
ProviderName
|
ProviderName | string |
The name of the vendor that raised the alert |
AlertType
|
AlertType | string |
The type name of the alert |
StartTimeUtc
|
StartTimeUtc | date-time |
The impact start time of the alert (the time of the first event contributing to the alert) |
EndTimeUtc
|
EndTimeUtc | date-time |
The impact end time of the alert (the time of the last event contributing to the alert) |
TimeGenerated
|
TimeGenerated | date-time |
The time the alert was generated by CAS |
Severity
|
Severity | string |
The severity of the alert |
ProviderAlertId
|
ProviderAlertId | string |
Unique ID for the specific alert instance |
ProviderPolicyId
|
ProviderPolicyId | string |
ID of the MCAS policy that triggered the alert |
CorrelationKey
|
CorrelationKey | string |
Used to group similar or duplicate alerts |
AzureResourceId
|
AzureResourceId | string |
The full ARM resource identifier for the cloud resource being alerted on |
CompromisedEntity
|
CompromisedEntity | string |
Display name of the main entity being reported on |
AlertDisplayName
|
AlertDisplayName | string |
The display name of the alert |
Description
|
Description | string |
Alert description |
RemediationSteps
|
RemediationSteps | array of string |
Manual action items to take to remediate the alert |
Component
|
Metadata.Component | string |
Component |
ComponentVersion
|
Metadata.ComponentVersion | string |
ComponentVersion |
TenantId
|
Metadata.TenantId | string |
TenantId |
MCASTenantId
|
Metadata.MCASTenantId | string |
MCASTenantId |
MCASDC
|
Metadata.MCASDC | date-time |
MCASDC |
DuplicateAlertsContextId
|
Metadata.DuplicateAlertsContextId | string |
DuplicateAlertsContextId |
MCASAlertCategory
|
Metadata.MCASAlertCategory | string |
MCASAlertCategory |
IP Addresses
|
ExtendedProperties.IP Addresses | string |
IP addresses related to the alert |
Cloud Applications
|
ExtendedProperties.Cloud Applications | string |
Cloud applications related to the alert |
Countries
|
ExtendedProperties.Countries | string |
Countries related to the alert |
Entities
|
Entities | array of object |
A list of entities related to the alert. This list can hold a mixture of entities of diverse types. |
Type
|
Entities.Type | string |
Type of the entity |
Name
|
Entities.Name | string |
Name of the entity |
AadTenantId
|
Entities.AadTenantId | string |
Microsoft Entra ID Tenant ID of an account entity |
AadUserId
|
Entities.AadUserId | string |
Microsoft Entra ID User ID of an account entity |
UPNSuffix
|
Entities.UPNSuffix | string |
UPN Suffix of an account entity |
Address
|
Entities.Address | string |
IP Address of an IP entity |
ResourceId
|
Entities.ResourceId | string |
ResourceId of an Azure resource entity |
Domains
|
Entities.Domains | array of string |
List of domains of a cloud application entity |
ExtendedLinks
|
ExtendedLinks | array of object |
A list of links related to the alert. This list can hold a mixture of links of diverse types. |
Type
|
ExtendedLinks.Type | string |
Link type |
Category
|
ExtendedLinks.Category | string |
Link category |
Label
|
ExtendedLinks.Label | string |
Link label |
Href
|
ExtendedLinks.Href | string |
Link address |
Name | Path | Type | Description |
---|---|---|---|
data
|
data | ActivitiesData |
Activities by Microsoft Entra ID user ID |
Activities by Microsoft Entra ID user ID
Name | Path | Type | Description |
---|---|---|---|
Items
|
object |
Name | Path | Type | Description |
---|---|---|---|
data
|
data | AlertsData |
Get open alerts |
Get open alerts
Name | Path | Type | Description |
---|---|---|---|
Items
|
object |
Name | Path | Type | Description |
---|---|---|---|
Name
|
name | PolicyName |
The name of the policy |
Description
|
description | PolicyDescription |
The description of the policy |
Type
|
policyType | PolicyType |
The type of the policy |
Daily alert limit
|
alertDailyLimit | DailyAlertLimit |
Daily limit of generated alerts |
Last modified
|
lastModified | LastModified |
Last modified timestamp |