What are the differences in discovery capabilities for Microsoft Defender for Cloud Apps and Cloud App Discovery?
This article describes the differences between discovery capabilities in Defender for Cloud Apps and Cloud App Discovery.
For information about licensing, see the Microsoft 365 licensing datasheet.
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps. Cloud Discovery is one of the features of Defender for Cloud Apps, which enables you to gain visibility into Shadow IT by discovering cloud apps in use.
Cloud App Discovery
Cloud App Discovery comes at no additional cost as part of:
- Microsoft Entra ID P1.
- Enterprise Mobility + Security E3 (EMS E3).
- Microsoft 365 E3.
This is a subset of Microsoft Defender for Cloud Apps. It includes Cloud Discovery capabilities that provide deeper visibility into cloud app usage in your organizations.
Upgrade to Microsoft Defender for Cloud Apps to receive the full suite of Cloud Access Security Broker (CASB) capabilities offered by Microsoft Defender for Cloud Apps.
Feature comparison
The following table is a comparison of the discovery capabilities in Defender for Cloud Apps and Cloud App Discovery.
| Capability | Feature | Microsoft Defender for Cloud Apps | Cloud App Discovery |
|---|---|---|---|
| Cloud Discovery | Discovered apps | 31,000 + cloud apps | 31,000 + cloud apps |
| Deployment for discovery analysis | Manual and automatic log upload. Learn more about setting up Cloud Discovery | ||
| Log anonymization for user privacy | Yes | Yes | |
| Access to full Cloud App Catalog | Yes | Yes | |
| Cloud app risk assessment | Yes | Yes | |
| Cloud usage analytics per app, user, IP address | Yes | Yes | |
| Ongoing analytics & reporting | Yes | Yes | |
| Custom policy creation | Yes | Yes | |
| Anomaly detection for discovered apps | Yes | ||
| Information Protection | Data Loss Prevention (DLP) support | Cross-SaaS DLP and data sharing control | |
| App permissions and ability to revoke access (OAuth apps) | Yes | ||
| Policy setting and enforcement | Yes | ||
| Integration with Azure Information Protection | Yes | ||
| Integration with third-party DLP solutions | Yes | ||
| Threat Detection | Anomaly detection and behavioral analytics | For Cross-SaaS apps | |
| Manual and automatic alert remediation | Yes | ||
| SIEM connector | Yes. Alerts and activity logs for cross-SaaS apps. | ||
| Integration to Microsoft Intelligent Security Graph | Yes | ||
| Activity policies | Yes |
Next steps
- Read about the basics in Getting started with Defender for Cloud Apps.
If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for