Connect Box to Microsoft Defender for Cloud Apps

Note

  • We've renamed Microsoft Cloud App Security. It's now called Microsoft Defender for Cloud Apps. In the coming weeks, we'll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

  • Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

This article provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Box account using the App Connector APIs. This connection gives you visibility into and control over Box use. For information about how Defender for Cloud Apps protects Box, see Protect Box.

How to connect Box to Defender for Cloud Apps

Note

Deploying with an account that is not an Admin account leads to a failure in the API test and does not allow Defender for Cloud Apps to scan all of the files in Box. If this is a problem for you, you can deploy with a Co-Admin that has all of the privileges checked, but the API test will continue to fail and files owned by other admins in Box will not be scanned.

  1. If you restrict application permission access, follow this step. Otherwise, skip to step 2.

    1. Sign in with an Admin account to your Box account.

    2. Click Apps > Custom apps > Settings.

    3. If Disable unpublished apps by default is selected, in the Except for text box, add the Defender for Cloud Apps API key:

      Data center    Defender for Cloud Apps API key
      US1            nduj1o3yavu30dii7e03c3n7p49cj2qh
      US2            w0ouf1apiii9z8o0r6kpr4nu1pvyec75
      US3            dmcyvu1s9284i2u6gw9r2kb0hhve4a0r
      EU1            me9cm6n7kr4mfz135yt0ab9f5k4ze8qp
      EU2            uwdy5r40t7jprdlzo85v8suw1l4cdsbf

      Then click Save. For information on how to see which Defender for Cloud Apps data center you're connected to, see View your data center.

      Note

      If you are an existing Adallom customer, and your console URL is for Adallom and not Defender for Cloud Apps, use this app serial number: bwahmilhdlpbqy2ongkl119o3lrkoshc.

  2. In the Defender for Cloud Apps portal, click Investigate and then Connected apps.

  3. In the App connectors page, click the plus sign (+) button and select Box.

  4. In the Box settings pop-up, click Follow this link.

  5. The Box sign-in page opens. Enter your credentials to allow Defender for Cloud Apps access to your team's Box app.

  6. Box asks whether you want to allow Defender for Cloud Apps to access your team information and activity log, and to perform activities as a team member. To proceed, click Allow.

  7. Back in the Defender for Cloud Apps portal, you should receive a message saying that Box was successfully connected.

  8. Make sure the connection succeeded by clicking Test API.

    Testing may take a couple of minutes. After receiving a success notice, click Close.

Box is now connected to Defender for Cloud Apps.

After connecting Box, you'll receive events for 7 days prior to connection.

After connecting Box, Defender for Cloud Apps performs a full scan. Depending on how many files and users you have, completing the full scan can take a while. To enable near real-time scanning, files on which activities are detected are moved to the beginning of the scan queue. For example, a file that is edited, updated, or shared is scanned right away rather than waiting for the regular scan process. Near real-time scanning doesn't apply to files that aren't inherently modified. For example, files that are viewed, previewed, printed, or exported are scanned as part of the regularly scheduled scan.

If you have any problems connecting the app, see Troubleshooting App Connectors.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.