Basic setup for Defender for Cloud Apps


Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender and can be accessed through its portal at: Microsoft 365 Defender correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities. It improves your operational efficiency with better prioritization and shorter response times which protect your organization more effectively. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

The following procedure gives you instructions for customizing your Microsoft Defender for Cloud Apps environment.


For portal access requirements, see Portal access.

Set up your Defender for Cloud Apps environment

  1. In the Microsoft 365 Defender portal, select Settings. Then choose Cloud Apps.

  2. Under System -> Organization details, it's important that you provide an Organization display name for your organization. It's displayed on emails and web pages sent from the system.

  3. Provide an Environment name (tenant). This information is especially important if you manage more than one tenant.

  4. It's also possible to provide a Logo that is displayed in email notifications and web pages sent from the system. The logo should be a png file with a maximum size of 150 x 50 pixels on a transparent background.

  5. Make sure you add a list of your Managed domains to identify internal users. Adding managed domains is a crucial step. Defender for Cloud Apps uses the managed domains to determine which users are internal, external, and where files should and shouldn't be shared. This information is used for reports and alerts.

    • Users in domains that aren't configured as internal are marked as external. External users aren't scanned for activities or files.
  6. If you're integrating with Microsoft Purview Information Protection, see Microsoft Purview Information Protection Integration for information.


If you use ExpressRoute, Defender for Cloud Apps is deployed in Azure and fully integrated with ExpressRoute. All interactions with the Defender for Cloud Apps apps APIs and traffic sent to Defender for Cloud Apps APIs, including upload of discovery logs, is routed via ExpressRoute for improved latency, performance, and security.

Microsoft 365 Defender portal usage is not included in the ExpressRoute integration.

For more information about Microsoft Peering, see ExpressRoute circuits and routing domains.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.