Security posture management for SaaS apps

Note

Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

Your SaaS application environments may be configured in a risky posture. Microsoft Defender for Cloud Apps provides you with risk security configuration assessments for your SaaS applications to make sure you prevent possible risks. These recommendations are shown via Microsoft Secure Score once you have a connector to an application.

SSPM_in_SecureScore_SalesForce_filter.

Prerequisites

Your organization must have Microsoft Defender for Cloud Apps licenses.

How to enable SaaS apps security posture management

  1. You should connect the app that you want to manage to Defender for Cloud Apps. For connection guides to every app, see the connecting an app pages.
    For a comprehensive overview of apps that are compatible with SaaS security posture management, see the following table.

  2. After you connected the application via Defender for Cloud Apps, make sure the connector is set to show data in Microsoft Secure Score. To verify it, in the Microsoft 365 Defender portal, select Settings. Then choose Cloud Apps. Under Connected apps, choose App Connectors. Then open the instance drawer and make sure there is a field Secure Score insights: Main instance.

    secure_score_instance_in_Defender_for_Cloud_Apps.

  3. If the instance is not set as the Secure Score main instance, you can set it by selecting the three dots and selecting Set as Microsoft Secure Score instance.

    choose_secure_score_instance_in_Defender_for_Cloud_Apps.

How to manage your SaaS apps security posture

  1. The security recommendations will be shown automatically in Microsoft Secure Score. Navigate to the Microsoft 365 Defender portal. Under the navigation bar, select Secure score, and go to Recommended actions tab.

    Secure_Score_main_page.

  2. Filter the desired product to see its security controls.

  3. When selecting the control, you'll find its description and status.

  4. To see a step-by-step remediation guide for risky controls, go to the Implementation tab in the control side pane.

    Secure Score remediation steps.

Note

  • The recommendations are based on Microsoft benchmarks.
  • Score updates may take up to 24 hours.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.