Enrich Cloud Discovery data with Azure AD usernames


Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

Cloud Discovery data can now be enriched with Azure Active Directory username data. When you enable this feature, the username received in discovery traffic logs is matched and replaced by the Azure AD username. Cloud Discovery enrichment enables the following features:

  • You can investigate Shadow IT usage by Azure Active Directory user. Each user is shown by their user principal name (UPN).
  • You can correlate discovered cloud app use with the API-collected activities.
  • You can then create custom logs based on Azure AD user groups. For example, a Shadow IT report for a specific Marketing department.
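
To make the enrichment concrete, here is an added example (not Microsoft's code, and not how Defender for Cloud Apps matches users internally) that maps usernames from a constructed discovery log to UPNs and builds a per-group Shadow IT report. The directory entries, log rows, field names and the matching rule (strip a `DOMAIN\` prefix, then compare case-insensitively against UPN or sAMAccountName) are all assumptions.

```python
import csv
import io
from collections import defaultdict
# Constructed directory export (assumed fields): UPN, sAMAccountName, groups.
DIRECTORY = [
    {"upn": "alice@contoso.com", "sam": "alice", "groups": {"Marketing"}},
    {"upn": "bob.lee@contoso.com", "sam": "blee", "groups": {"Finance"}},
    {"upn": "carol@contoso.com", "sam": "carol", "groups": {"Marketing"}},
]
# Constructed discovery log: identifiers as a proxy or firewall might record them.
DISCOVERY_LOG = """user,app,bytes
CONTOSO\\alice,FileShareX,1200
blee,FileShareX,300
carol@contoso.com,NotesAppY,50
svc-backup,FileShareX,900
Alice@Contoso.com,NotesAppY,75
"""

def normalize(raw):
    # Assumed rule: drop a DOMAIN\ prefix, then compare case-insensitively.
    return raw.rsplit("\\", 1)[-1].strip().lower()

def enrich(log_text, directory):
    # Index each directory entry under both its UPN and its sAMAccountName.
    index = {k.lower(): e for e in directory for k in (e["upn"], e["sam"])}
    rows = []
    for row in csv.DictReader(io.StringIO(log_text)):
        match = index.get(normalize(row["user"]))
        rows.append({
            "user": match["upn"] if match else row["user"],  # unmatched stays raw
            "matched": match is not None,
            "groups": match["groups"] if match else set(),
            "app": row["app"],
            "bytes": int(row["bytes"]),
        })
    return rows

def group_report(rows, group):
    # Bytes per (UPN, app) for members of one directory group.
    totals = defaultdict(int)
    for r in rows:
        if group in r["groups"]:
            totals[(r["user"], r["app"])] += r["bytes"]
    return dict(totals)

def unmatched(rows):
    # Identifiers with no directory match, e.g. service or local accounts.
    return sorted({r["user"] for r in rows if not r["matched"]})
```

Identifiers returned by `unmatched` are the ones that would stay outside any group-based report, so they are worth reviewing separately.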


Enabling user data enrichment

  1. Under the Settings cog, select Settings.

  2. In the Settings page, under Cloud Discovery, select User enrichment.

  3. In the User enrichment tab, select Enrich discovered user identifiers with Azure Active Directory usernames. This option enables Defender for Cloud Apps to use Azure Active Directory data to enrich usernames by default.


Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.