How Defender for Cloud Apps helps protect your Workday environment


Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

As a major HCM solution, Workday holds some of the most sensitive information in your organization such as employees' personal data, contracts, vendor details, and more. Preventing exposure of this data requires continuous monitoring to prevent any malicious actors or security unaware insiders from exfiltrating the sensitive information.

Connecting Workday to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection for anomalous behavior.

Main threats

  • Compromised accounts and insider threats
  • Data leakage
  • Insufficient security awareness
  • Unmanaged bring your own device (BYOD)

How Defender for Cloud Apps helps to protect your environment

Control Workday with built-in policies and policy templates

You can use the following built-in policy templates to detect and notify you about potential threats:

Type Name
Built-in anomaly detection policy Activity from anonymous IP addresses
Activity from infrequent country
Activity from suspicious IP addresses
Impossible travel
Activity policy template Logon from a risky IP address

For more information about creating policies, see Create a policy.

Automate governance controls

Currently, there are no governance controls available for Workday. If you are interested in having governance actions for this connector, you can send the Defender for Cloud Apps team feedback with details of the actions you want.

For more information about remediating threats from apps, see Governing connected apps.

Protect Workday in real time

Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

Next steps