Basic setup for Defender for Cloud Apps


Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

The following procedure gives you instructions for customizing the Microsoft Defender for Cloud Apps portal.


For portal access, it's necessary to add the following IP addresses to your Firewall's allow list to provide access for the Defender for Cloud Apps portal:


For US Government GCC High customers, it's also necessary to add the following IP addresses to your Firewall's allow list to provide access for the Defender for Cloud Apps GCC High portal:



To get updates when URLs and IP addresses are changed, subscribe to the RSS as explained in: Office 365 URLs and IP address ranges.

Set up the portal

  1. In the Defender for Cloud Apps portal, in the menu bar, select the settings cog settings icon. and select Settings to configure your organization's details.

  2. Under Organization details, it's important that you provide an Organization display name for your organization. It's displayed on emails and web pages sent from the system.

  3. Provide an Environment name (tenant). This information is especially important if you manage more than one tenant.

  4. It's also possible to provide a Logo that is displayed in email notifications and web pages sent from the system. The logo should be a png file with a maximum size of 150 x 50 pixels on a transparent background.

  5. Make sure you add a list of your Managed domains to identify internal users. Adding managed domains is a crucial step. Defender for Cloud Apps uses the managed domains to determine which users are internal, external, and where files should and shouldn't be shared. This information is used for reports and alerts.

    • Users in domains that aren't configured as internal are marked as external. External users aren't scanned for activities or files.
  6. Under Auto sign out, specify the amount of time a session can remain inactive before the session is automatically signed out. Note that Defender for Cloud Apps also uses Azure Active Directory to determine the user's directory level inactivity timeout setting. If a user is configured in Azure Active Directory to never sign out when inactive, the same setting will apply in Defender for Cloud Apps as well.

  7. If you're integrating with Microsoft Purview Information Protection, see Microsoft Purview Information Protection Integration for information.

  8. If you're integrating with Microsoft Defender for Identity integration, see Microsoft Defender for Identity Integration for information.

  9. If at any point you want to back up your portal settings, this screen enables you to do that. Select Export portal settings to create a json file of all your portal settings, including policy rules, user groups, and IP address ranges.


If you use ExpressRoute, Defender for Cloud Apps is deployed in Azure and fully integrated with ExpressRoute. All interactions with the Defender for Cloud Apps apps and traffic sent to Defender for Cloud Apps, including upload of discovery logs, is routed via ExpressRoute for improved latency, performance, and security.

For more information about Microsoft Peering, see ExpressRoute circuits and routing domains.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.