How Defender for Cloud Apps helps protect your DocuSign environment

DocuSign helps organizations manage electronic agreements, and so your DocuSign environment holds sensitive information for your organization. Any abuse of DocuSign by a malicious actor or any human error may expose your most critical assets to potential attacks.

Connecting your DocuSign environment to Defender for Cloud Apps gives you improved insights into your DocuSign admin activities and managed users sign-ins, and provides threat detection for anomalous behavior.

Use this app connector to access SaaS Security Posture Management (SSPM) features, via security controls reflected in Microsoft Secure Score. Learn more.

Main threats

• Compromised accounts and insider threats
• Data leakage
• Insufficient security awareness
• Unmanaged bring your own device (BYOD)

How Defender for Cloud Apps helps to protect your environment

• Detect cloud threats, compromised accounts, and malicious insiders

• Use the audit trail of activities for forensic investigations

SaaS security posture management

To see security posture recommendations for DocuSign in Microsoft Secure Score, create an API connector via the Connectors tab. If a connector already exists and you don't see GitHub recommendations yet, refresh the connection by disconnecting the API connector, and then reconnecting it.

In Secure Score, select Recommended actions and filter by Product = DocuSign. DocuSign supports security recommendations for session timeout and password requirements.

For more information, see:

• Connect DocuSign to Microsoft Defender for Cloud Apps
• Security posture management for SaaS apps
• Microsoft Secure Score

Control DocuSign with policies

Type	Name
Built-in anomaly detection policy	Activity from anonymous IP addresses Activity from infrequent countries/regions Activity from suspicious IP addresses Impossible travel Activity performed by terminated user (requires Microsoft Entra ID as IdP) Multiple failed login attempts

| Activity policy | Build a customized policy by the DocuSign audit log |

For more information about creating policies, see Create a policy.

Automate governance controls

In addition to monitoring for potential threats, you can apply and automate the following DocuSign governance actions to remediate detected threats:

Type	Action
User governance	Notify user on alert (via Microsoft Entra ID) Require user to sign in again (via Microsoft Entra ID) Suspend user (via Microsoft Entra ID)

For more information about remediating threats from apps, see Governing connected apps.

Protect DocuSign in real time

Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

Connect DocuSign to Microsoft Defender for Cloud Apps

This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing DocuSign environment using the App Connector APIs. This connection gives you visibility into and control over your organization’s DocuSign use.

Use this app connector to access SaaS Security Posture Management (SSPM) features, via security controls reflected in Microsoft Secure Score. Learn more.

Prerequisites

• DocuSign Enterprise Pro account plan with Monitor API enabled.

  • For more information about DocuSign Monitor API, see How to get monitoring data | DocuSign and Enable DocuSign Monitor for your organization | DocuSign.

• DNS domains used in your organization should be claimed and validated in your DocuSign organization. For more information on claiming and validating domains, see Domains | DocuSign

• The DocuSign user used for logging into DocuSign must be mapped to the user role 'Docusign Administrator' and must be an organization admin of one organization only. For more information, see the prerequisite role in How to get monitoring data | DocuSign and Organization Administrators - DocuSign Admin for Organization Management | DocuSign Support Center.

• Due to DocuSign’s API limitation, in order to have SaaS Security Posture management (SSPM) support there's a need to reconnect it with additional permissions: account_read account_write and user_read organization_read.

• The DocuSign account must be mapped to an organization. For more information, see:

  • Create new organization: Organizations - DocuSign Admin for Organization Management | DocuSign Support Center

  • Link account to an existing organization: Managing Accounts - DocuSign Admin for Organization Management | DocuSign Support Center

  • DocuSign Organization Admin guide: DocuSign Admin for Organization Management (PDF) | DocuSign Support Center.

Configure DocuSign

1. Sign into a DocuSign account that is mapped to your organization (you should be an account Admin for that account).

2. Go to Settings and then Apps and keys.

3. Copy the User ID and Account Base URI. You'll need them later.

Configure Defender for Cloud Apps

1. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors.

2. In the App connectors page, select +Connect an app, and then select DocuSign.

3. In the window that appears, give the connector a descriptive name, and then select Next.

   

4. In the next screen, enter the following:

   • User ID: the User ID that you copied earlier.
   • Endpoint: the Account Base URI you copied earlier.

   

5. Select Next.

6. In the next screen, select Connect DocuSign.

7. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors. Make sure the status of the connected App Connector is Connected.

Note

SaaS Security Posture Management (SSPM) data will be shown in the Microsoft Defender Portal on the Secure Score page. For more information, see Security posture management for SaaS apps.

Limitations

• Only active DocuSign users will be shown in Defender for Cloud Apps.
  • If a user isn't active in all of the DocuSign accounts mapped to the connected DocuSign organization, the user will be shown as deleted in Defender for Cloud Apps.
• For SaaS Security Posture Management (SSPM) support, the provided credentials must have these permissions - account_read account_write and user_read organization_read.
• Defender for Cloud Apps won't show whether a user is an administrator or not.
• The DocuSign activities that will be shown in Defender for Cloud Apps are the activities at the account level (of every account that is mapped to the connected DocuSign organization) and at the organization level.

Next steps

Control cloud apps by using policies

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.