What are the differences in discovery capabilities for Microsoft Defender for Cloud Apps and Cloud App Discovery?


Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender and can be accessed through its portal at: https://security.microsoft.com. Microsoft 365 Defender correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities. It improves your operational efficiency with better prioritization and shorter response times which protect your organization more effectively. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

This article describes the differences between discovery capabilities in Defender for Cloud Apps and Cloud App Discovery.

For information about licensing, see the Microsoft 365 licensing datasheet.

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps. Cloud Discovery is one of the features of Defender for Cloud Apps, which enables you to gain visibility into Shadow IT by discovering cloud apps in use.

Cloud App Discovery

Cloud App Discovery comes at no additional cost as part of:

  1. Azure Active Directory P1.
  2. Enterprise Mobility + Security E3
 (EMS E3).
  3. Microsoft 365 E3.

This is a subset of Microsoft Defender for Cloud Apps. It includes Cloud Discovery capabilities that provide deeper visibility into cloud app usage in your organizations.

Upgrade to Microsoft Defender for Cloud Apps to receive the full suite of Cloud Access Security Broker (CASB) capabilities offered by Microsoft Defender for Cloud Apps.

Feature comparison

The following table is a comparison of the discovery capabilities in Defender for Cloud Apps and Cloud App Discovery.

Capability Feature Microsoft Defender for Cloud Apps Cloud App Discovery
Cloud Discovery Discovered apps 31,000 + cloud apps 31,000 + cloud apps
Deployment for discovery analysis
  • Manual upload
  • Automated upload - Log collector and API
  • Native Defender for Endpoint integration
  • Manual and automatic log upload. Learn more about setting up Cloud Discovery
    Log anonymization for user privacy Yes Yes
    Access to full Cloud App Catalog Yes Yes
    Cloud app risk assessment Yes Yes
    Cloud usage analytics per app, user, IP address Yes Yes
    Ongoing analytics & reporting Yes Yes
    Custom policy creation Yes Yes
    Anomaly detection for discovered apps Yes
    Information Protection Data Loss Prevention (DLP) support Cross-SaaS DLP and data sharing control
    App permissions and ability to revoke access (OAuth apps) Yes
    Policy setting and enforcement Yes
    Integration with Azure Information Protection Yes
    Integration with third-party DLP solutions Yes
    Threat Detection Anomaly detection and behavioral analytics For Cross-SaaS apps
    Manual and automatic alert remediation Yes
    SIEM connector Yes. Alerts and activity logs for cross-SaaS apps.
    Integration to Microsoft Intelligent Security Graph Yes
    Activity policies Yes

    Next steps

    If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.