Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)
Note
Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.
Applies to:
Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This simplifies workflows, and adds the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure.
SOC analysts will be able to triage, investigate and hunt across all Microsoft 365 Defender workloads, including cloud apps. Defender for Cloud Apps alerts will continue to appear in Microsoft 365 Defender's incidents queue and alerts queue, but now with relevant content inside the alert pages available in the Microsoft 365 Defender portal, in a unified format with the proper adaptations to each alerts type.
Take a look in Microsoft 365 Defender at https://security.microsoft.com.
Learn more about the benefits: Overview of Microsoft 365 Defender.
Quick reference
The images and the tables below list the changes in navigation between Microsoft Defender for Cloud Apps and Microsoft 365 Defender.
Discover
| Defender for Cloud Apps | Microsoft 365 Defender |
|---|---|
| Cloud Discover dashboard | Cloud apps -> Cloud discovery |
| Discovered Apps | tab on Cloud Discovery page |
| Discovered resources | tab on Cloud Discovery page |
| IP addresses | tab on Cloud Discovery page |
| Users | tab on Cloud Discovery page |
| Devices | tab on Cloud Discovery page |
| Cloud app catalog | Cloud apps -> Cloud app catalog |
| Create Cloud Discovery snapshot report | On the Cloud Discovery page, under Actions |
Investigate
| Defender for Cloud Apps | Microsoft 365 Defender |
|---|---|
| Activity log | Cloud apps -> Activity log |
| Files | Cloud apps -> Files |
| Users and accounts | Assets -> Identities |
| Security configuration | available in Microsoft Defender for Cloud |
| Identity security posture | Microsoft Defender for Identity's identity security posture assessments |
| OAuth apps | Cloud apps -> OAuth apps |
| Connected apps | Settings -> Cloud apps -> Connected apps |
Control
| Defender for Cloud Apps | Microsoft 365 Defender |
|---|---|
| Policies | Cloud apps -> Policy management. Note: Azure AD identity protection policies will be removed gradually from the Cloud apps policies list. To configure alerts from these policies, see Configure AAD IP alert service |
| Templates | Cloud apps -> Policy templates |
Settings
| Defender for Cloud Apps | Microsoft 365 Defender |
|---|---|
| Settings | Settings -> Cloud apps |
| Settings/Governance log | Cloud apps -> Governance log |
| Security extensions -> Playbooks | Settings -> Cloud apps |
| Security extensions -> SIEM agents | Settings -> Cloud apps |
| Security extensions -> External DLP | Settings -> Cloud apps |
| Security extensions -> API tokens | Settings -> Cloud apps |
| Manage admin access -> Admin roles | Permissions-> Cloud apps-> Roles |
| Manage admin access -> Activity privacy permissions | Permissions-> Cloud apps-> Activity privacy permissions |
| Exported reports | Reports -> Cloud apps -> Exported reports |
| Scoped deployment and privacy | Settings -> Cloud Apps -> Scoped deployment and privacy |
| Connected Apps / App connectors | Settings -> Cloud Apps -> Connected apps -> App Connectors |
| Conditional Access App Control | Settings -> Cloud apps -> Connected apps -> Conditional Access App Control apps |
| IP address ranges | Settings -> Cloud apps |
| User groups | Settings -> Cloud apps |
Limitations
The new Defender for Cloud Apps experience in the Microsoft 365 Defender portal is currently available for all users detailed in Manage admin access, except for:
- App/Instance admin, User group admin, Cloud Discovery global admin, and Cloud Discovery report admin, as defined in Built-in admin roles in Defender for Cloud Apps.
- User privacy groups as defined in Activity privacy
The new experience is currently available for full Microsoft Defender for Cloud Apps licenses only.
New customers need to first sign in to the Microsoft Defender for Cloud Apps portal.
Some links may redirect you to the Defender for Cloud Apps portal.
What's changed
Learn about the changes that have come with the integration of Defender for Cloud Apps and Microsoft 365 Defender.
Global search
Global search in Microsoft 365 Defender (using the search bar at the top of the page) now includes an additional searchable entity: it allows you to search for connected apps in Defender for Cloud Apps.
Assets and identities
As part of the creation of a dedicated Assets section that spans the entire Microsoft 365 Defender experience, the Users and Accounts section of Defender for Cloud Apps is rebranded as the Identities section. No changes to functionality are expected.
Preview features in Defender for Cloud Apps
Turn on the preview experience setting to be among the first to try upcoming features.
Note
This feature is now available in public preview.
- In the navigation pane, select Settings.
- Select Cloud apps.
- Select Preview features > Enable preview features.
- Select Save.
You'll know you have preview features turned on when you see that the Enable preview features check box is selected.
For more information, see Microsoft Defender for Cloud Apps preview features.
Related videos
Learn how to protect your cloud apps in Microsoft 365 Defender:
Related information
Feedback
Submit and view feedback for