Pilot Microsoft Defender for Cloud Apps with Microsoft Defender XDR
Use the following steps to set up and configure the pilot for Microsoft Defender for Cloud Apps.
- Step 1. Create the pilot group—Scope your pilot deployment to certain user groups
- Step 2. Configure protection—Conditional Access App Control
- Step 3. Try out capabilities—Walk through tutorials for protecting your environment
Step 1: Create the pilot group—Scope your pilot deployment to certain user groups
Microsoft Defender for Cloud Apps enables you to scope your deployment. Scoping lets you select specific user groups to be monitored for apps or excluded from monitoring. To scope your pilot deployment, see Scoped Deployment.
Step 2: Configure protection—Conditional Access App Control
One of the most powerful protections you can configure is Conditional Access App Control. This protection requires integration with Microsoft Entra ID. It allows you to apply Conditional Access policies, including related policies (like requiring healthy devices), to cloud apps you've sanctioned.
The first step in using Microsoft Defender for Cloud Apps to manage SaaS apps is to discover these apps and then add them to your Microsoft Entra tenant. If you need help with discovery, see Discover and manage SaaS apps in your network.
You can begin to manage these apps by executing the following tasks:
- First, in Microsoft Entra ID, create a new Conditional Access policy and configure it to "Use Conditional Access App Control." This configuration helps to redirect the request to Defender for Cloud Apps. You can create one policy and add all SaaS apps to this policy.
- Next, in Defender for Cloud Apps, create session policies. Create one policy for each control you want to apply.
For more information, including supported apps and clients, see Protect apps with Microsoft Defender for Cloud Apps Conditional Access App Control.
For example policies, see Recommended Microsoft Defender for Cloud Apps policies for SaaS apps. These policies build on a set of common identity and device access policies that are recommended as a starting point for all customers.
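The first task above can also be scripted. The following is an added example, not part of the original page or Microsoft's published scripts: it uses the Microsoft Graph PowerShell SDK to create one Conditional Access policy that covers several SaaS apps and turns on Conditional Access App Control. Limiting the policy to a pilot group, creating it in report-only state, the display name, and the placeholder IDs are assumptions made for this example.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholders (assumptions): replace with the object ID of your pilot group
# and the application (client) IDs of the SaaS apps added to your tenant.
$pilotGroupId = '<pilot-group-object-id>'
$saasAppIds   = @('<saas-app-id-1>', '<saas-app-id-2>')

$policy = @{
    displayName = 'PILOT - Route SaaS sessions to Defender for Cloud Apps'
    # Created in report-only state so it can be reviewed first (assumption).
    # Session controls are enforced only after the state is set to 'enabled'.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{ includeGroups = @($pilotGroupId) }       # pilot users only
        applications   = @{ includeApplications = $saasAppIds }      # one policy, all SaaS apps
    }
    sessionControls = @{
        cloudAppSecurity = @{
            isEnabled            = $true
            # 'mcasConfigured' corresponds to "Use custom policy": the session
            # policies you create in Defender for Cloud Apps decide what happens.
            cloudAppSecurityType = 'mcasConfigured'
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

The session policies from the second task are still created in Defender for Cloud Apps, one per control.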
Step 3: Try out capabilities—Walk through tutorials for protecting your environment
The Microsoft Defender for Cloud Apps documentation includes a series of tutorials to help you discover risk and protect your environment.
Try out Defender for Cloud Apps tutorials:
- Detect suspicious user activity
- Investigate risky users
- Investigate risky OAuth apps
- Discover and protect sensitive information
- Protect any app in your organization in real time
- Block downloads of sensitive information
- Protect your files with admin quarantine
- Require step-up authentication upon risky action
For more information on advanced hunting in Microsoft Defender for Cloud Apps data, see the video.