Get started with app threat detection and remediation
App governance generates alerts using various mechanisms. Threat detection alerts use built-in, machine-learning-driven detection rules to find malicious app attributes and activities. Policy-based alerts are triggered either by predefined policies or user-defined policies.
To view the latest incidents associated with these alerts, go to the App governance > Overview tab in Microsoft Defender XDR.
For example:
On the Overview tab, the Latest alerts section lists the most recent alerts. You can use these recent alerts to quickly see the current app alert activity for your tenant.
To see all of the alerts, select the Alerts tab.
Alerts page
App governance alerts are now listed with all other Microsoft Defender XDR alerts. To find them, filter for "App governance" as the service source.
For example:
