Review additional blogs
It's important for any security administrator to be able to keep up to date with the technologies they work with. If you're using Microsoft Defender for Cloud Apps, you'll want to learn more about new and existing features. Microsoft and the Defender for Cloud Apps team have curated content relating to cloud app technologies, and presented this material in a series of blogs and websites.
Cloud access security broker (CASB) ninja blog series
The CASB Ninja Blog Series contains articles that will help to arm you with the skills and knowledge you need to be successful with a cloud access security broker (CASB). Ultimately, perhaps, giving you the skills to be a CASB ninja within your organization.
The authors will share their knowledge and experience on real-world scenarios, and how Defender for Cloud Apps can help address issues within those scenarios. You'll dive deep into use cases, architecture design, implementation and configuration best practices, operations, and more.
In the blogs, you'll learn how you can use Defender for Cloud Apps in the following five topic areas:
- Shadow IT Discovery & Control
- Information Protection
- Threat Protection
- Real-time Access Management
- Cloud Security Posture Management
The blog is located just off the Microsoft Security and Compliance website. You can review the content here: Welcome to the Defender for Cloud Apps Ninja Blog Series!.
Defender for Cloud Apps data protection blog series
This blog is written by Sarahzin Chowdhury. She's one of the Defender for Cloud Apps and Defender for Identity Program Managers on the Cloud + AI Security Customer Experience Engineering team. Throughout this series, she'll be explaining how to protect your data using Microsoft Defender for Cloud Apps.
Sarahzin aims to cover some of the top use cases and top customer questions using:
- Real-time (Conditional Access App Control)
- Real-time (API-based App Connectors) Defender for Cloud Apps mechanisms
Data protection is a key pillar in Defender for Cloud Apps, and throughout Defender for Cloud Apps, you can implement data protection in many areas:
- Use the data classification service or the built-in service to scan all the files in Office 365 and third party connected apps.
- Implement data loss prevention (DLP) using the Defender for Cloud Apps Proxy.
- Implement Azure Information Protection (AIP) with Defender for Cloud Apps.
This blog series' initial focus will be discussing the end user's experience with each of the connected apps. You can review the content in this blog here: Defender for Cloud Apps Data Protection.
The following articles are already available for your review:
- Protect Box (Part 1: Near Real-Time Data Protection).
- Protect Box (Part 2: Real-Time Data Protection).
- Do I use Defender for Cloud Apps or MIP?.
Securing administrative access to Microsoft Defender for Cloud Apps and Defender for Identities
Security administrators often focus on best practices for securing their organization's users, apps, services, and devices. But it's easy to forget that Security Administrators are also users. And it's at least, if not more, important to secure these administrative accounts within your organization.
This blog seeks to highlight this issue, and to identify best practices to help ensure your administrative accounts are properly secured. In the article, the author discusses multifactor authentication and default Microsoft Entra roles.
You can review the content in this blog here: Securing Administrative Access to Microsoft Defender for Cloud Apps and Defender for Identities.
Limiting inherited roles from Microsoft Entra ID in Microsoft Defender for Cloud Apps
In this article, the authors discuss how to restrict accesses in line with your organization's security best practices and observe the principle of least privilege. Access to Defender for Cloud Apps is granted through inherited roles from Microsoft Entra ID or through Azure role-based access control (RBAC) assignments from within the Defender for Cloud Apps portal itself.
The article seeks to answer the question:
We have a defined Azure RBAC policy. We have assigned Security administrators to specific groups. These groups have access across our entire security stack. But we want to follow least privilege and grant access only to specific products with the permissions inherited from the Security administrator role. Given that not all the products have a product-specific administrator role available in Microsoft Entra ID, how can we limit the Security administrator role's access in Defender for Cloud Apps without impacting existing permissions to other products?
You can review the content in this blog here: Security Admins, Defender for Cloud Apps, and BLOCK.
Tip
You can locate additional articles that relate to Microsoft Defender for Cloud Apps by visiting the Microsoft Security, Compliance, and Identity Blog website, and selecting Filter by label and choosing Microsoft Defender for Cloud Apps.