Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview)

Note

Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.

Applies to:

Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This simplifies workflows, and adds the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure.

SOC analysts will be able to triage, investigate and hunt across all Microsoft 365 Defender workloads, including cloud apps. Defender for Cloud Apps alerts will continue to appear in Microsoft 365 Defender's incidents queue and alerts queue, but now with relevant content inside the alert pages available in the Microsoft 365 Defender portal, in a unified format with the proper adaptations to each alerts type.

Take a look in Microsoft 365 Defender at https://security.microsoft.com.

Learn more about the benefits: Overview of Microsoft 365 Defender.

Quick reference

The images and the tables below list the changes in navigation between Microsoft Defender for Cloud Apps and Microsoft 365 Defender.

Discover

Defender for Cloud Apps Microsoft 365 Defender
Cloud Discover dashboard Cloud apps -> Cloud discovery
Discovered Apps tab on Cloud Discovery page
Discovered resources tab on Cloud Discovery page
IP addresses tab on Cloud Discovery page
Users tab on Cloud Discovery page
Devices tab on Cloud Discovery page
Cloud app catalog Cloud apps -> Cloud app catalog
Create Cloud Discovery snapshot report On the Cloud Discovery page, under Actions

Investigate

Defender for Cloud Apps Microsoft 365 Defender
Activity log Cloud apps -> Activity log
Files Cloud apps -> Files
Users and accounts Assets -> Identities
Security configuration available in Microsoft Defender for Cloud
Identity security posture Microsoft Defender for Identity's identity security posture assessments
OAuth apps Cloud apps -> OAuth apps
Connected apps Settings -> Cloud apps -> Connected apps

Control

Defender for Cloud Apps Microsoft 365 Defender
Policies Cloud apps -> Policy management. Note: Azure AD identity protection policies will be removed gradually from the Cloud apps policies list. To configure alerts from these policies, see Configure AAD IP alert service
Templates Cloud apps -> Policy templates

Settings

Defender for Cloud Apps Microsoft 365 Defender
Settings Settings -> Cloud apps
Settings/Governance log Cloud apps -> Governance log
Security extensions -> Playbooks Settings -> Cloud apps
Security extensions -> SIEM agents Settings -> Cloud apps
Security extensions -> External DLP Settings -> Cloud apps
Security extensions -> API tokens Settings -> Cloud apps
Manage admin access -> Admin roles Permissions-> Cloud apps-> Roles
Manage admin access -> Activity privacy permissions Permissions-> Cloud apps-> Activity privacy permissions
Exported reports Reports -> Cloud apps -> Exported reports
Scoped deployment and privacy Settings -> Cloud Apps -> Scoped deployment and privacy
Connected Apps / App connectors Settings -> Cloud Apps -> Connected apps -> App Connectors
Conditional Access App Control Settings -> Cloud apps -> Connected apps -> Conditional Access App Control apps
IP address ranges Settings -> Cloud apps
User groups Settings -> Cloud apps

Limitations

  • The new Defender for Cloud Apps experience in the Microsoft 365 Defender portal is currently available for all users detailed in Manage admin access, except for:

  • The new experience is currently available for full Microsoft Defender for Cloud Apps licenses only.

  • New customers need to first sign in to the Microsoft Defender for Cloud Apps portal.

  • Some links may redirect you to the Defender for Cloud Apps portal.

What's changed

Learn about the changes that have come with the integration of Defender for Cloud Apps and Microsoft 365 Defender.

Global search in Microsoft 365 Defender (using the search bar at the top of the page) now includes an additional searchable entity: it allows you to search for connected apps in Defender for Cloud Apps.

Search for connected apps.

Assets and identities

As part of the creation of a dedicated Assets section that spans the entire Microsoft 365 Defender experience, the Users and Accounts section of Defender for Cloud Apps is rebranded as the Identities section. No changes to functionality are expected.

Preview features in Defender for Cloud Apps

Turn on the preview experience setting to be among the first to try upcoming features.

Note

This feature is now available in public preview.

  1. In the navigation pane, select Settings.
  2. Select Cloud apps.
  3. Select Preview features > Enable preview features.
  4. Select Save.

You'll know you have preview features turned on when you see that the Enable preview features check box is selected.

Screenshot that shows how to enable preview features.

For more information, see Microsoft Defender for Cloud Apps preview features.

Learn how to protect your cloud apps in Microsoft 365 Defender: