Lifecycle management strategy in Defender for Cloud Apps

Article
02/05/2023
2 minutes to read

Note

Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

By using a lifecycle management strategy, you can ensure your configurations, exclusions, and policies for Microsoft Defender for Cloud Apps remain up to date and are reviewed on an established cadence.

Note

Remember to also check What's New in Defender for Cloud Apps to stay current with new features and releases.

Microsoft Defender for Cloud Apps lifecycle management.

To best maintain Defender for Cloud Apps posture, regularly follow the recommendations below:

Role-based access controls

Real-time controls

Policy management

Remove unneeded custom policies
Review new policy templates
Enhance policy strategy to determine what can be a saved query versus what requires an alert
Ensure labeling strategy is in line with current Security and Compliance configuration

Discovery

Settings

Review managed domains
Verify current IP ranges for Corporate and VPN
Verify App Tag strategy and add/remove as needed
Check rights on admin quarantine folder
Adjust score metrics based on industry best practices
Review members allowed to view private activities
Verify integrations are enabled:

Next steps

Defender for Cloud Apps best practices

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.