How Defender for Cloud Apps helps protect your Workday environment
Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.
As a major HCM solution, Workday holds some of the most sensitive information in your organization such as employees' personal data, contracts, vendor details, and more. Preventing exposure of this data requires continuous monitoring to prevent any malicious actors or security unaware insiders from exfiltrating the sensitive information.
Connecting Workday to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection for anomalous behavior.
- Compromised accounts and insider threats
- Data leakage
- Insufficient security awareness
- Unmanaged bring your own device (BYOD)
How Defender for Cloud Apps helps to protect your environment
- Detect cloud threats, compromised accounts, and malicious insiders
- Use the audit trail of activities for forensic investigations
Control Workday with built-in policies and policy templates
You can use the following built-in policy templates to detect and notify you about potential threats:
|Built-in anomaly detection policy||Activity from anonymous IP addresses
Activity from infrequent country
Activity from suspicious IP addresses
|Activity policy template||Logon from a risky IP address|
For more information about creating policies, see Create a policy.
Automate governance controls
Currently, there are no governance controls available for Workday. If you are interested in having governance actions for this connector, you can send the Defender for Cloud Apps team feedback with details of the actions you want.
For more information about remediating threats from apps, see Governing connected apps.
Protect Workday in real time
Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.