Edit

Connect Atlassian to Microsoft Defender for Cloud Apps

  • Article

Note

Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

This article provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Atlassian products using the App Connector APIs. This connection gives you visibility into and control over your organization's Atlassian use.

Note

The connector will cover all users in your organization that use the Atlassian platform, and will show activities from Confluence, Jira, and specific Bitbucket activities. For more information about Atlassian activities, see Atlassian audit log activities.

Prerequisites

  • The Atlassian Access plan is required.
  • You must be signed as an Organization admin to Atlassian.

How to connect Atlassian to Defender for Cloud Apps

Configure Atlassian

  1. Sign in to the Atlassian Admin portal with an admin account.

    Sign in to the Atlassian Admin portal.

  2. Go to Settings -> API keys and then Create API key. (Atlassian documentation for creating API keys can also be found here).

    Atlassian API keys.

  3. Give the following values to the API key:

    • Name: You can give any name. The recommended name is Microsoft Defender for Cloud Apps so you can be aware for this integration.

    • Expires on: Set the expiration date as one year from the date of creation (this is the Atlassian maximum time for the expiration date).

      Note

      According to Atlassian API requirements, you'll need to create every year an API key for this integration.

      Create API key.

  4. After selecting Create, copy the Organization ID and the API key. You'll need it later.

    Note

    Verify your domain: To see your Atlassian users and their activities in Defender for Cloud Apps, you need to verify your domain. In Atlassian, domains are used to determine which user accounts can be managed by your organization. You won't see users and their activities if their domains aren't verified in the Atlassian configuration. To verify domains in Atlassian see Verify a domain to manage accounts.

Configure Defender for Cloud Apps

  1. In the Microsoft 365 Defender portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors.

  2. In the App connectors page, select +Connect an app, followed by Atlassian.

  3. In the next window, give the instance a descriptive name, and select Next.

    Connect Atlassian.

  4. In the next page, enter the Organization ID and API key you saved before.

Note

  • The first connection can take up to four hours to get all users and their activities.
  • The activities that will display are the activities that were generated from the moment the connector is connected.
  • Activities from the "Atlassian Access" audit log are fetched by Defender for Cloud apps. Other activities aren't fetched currently. See Product Audit Logs.
  • After the connector’s Status is marked as Connected, the connector is live and works.

Revoke and renew API keys

  1. Microsoft recommends using short lived keys or tokens for connecting apps as a security best practice.

  2. We recommend refreshing the Atlassian API key every 6 months as a best practice. To refresh the key, revoke the existing API key and generate a new key.

  3. To revoke API key, navigate to admin.atlassian.com > Settings > API keys, determine the API key used for integration and select Revoke.

  4. Recreate an API key in the Atlassian admin portal with the steps described above.

  5. Afterwards, go to the App Connectors page in the Microsoft 365 Defender portal and edit the connector:

    Edit connector.

  6. Enter the new generated new API key and select Connect Atlassian.

  7. In the Microsoft 365 Defender portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors. Make sure the status of the connected App Connector is Connected.

Note

By default, the API key is valid for 1 year and expires automatically after a year.

Rate limits

  • 1000 requests per minute (per API key/connector instance)
  • For more information about the Atlassian API limitation, see Atlassian admin REST APIs.

Limitations

  • Activities will be shown in Defender for Cloud Apps only for users with a verified domain.
  • The API key has a maximum expiration period of one year. After one year, you'll need to create another API key from the Atlassian Admin portal and replace it for the old API Key in the Defender for Cloud Apps console.
  • You won't be able to see in Defender for Cloud Apps whether a user is an admin or not.
  • System activities are shown with the Atlassian Internal System account name.

Next steps

Control cloud apps with policies

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.