Redaguoti

Bendrinti naudojant


How Defender for Cloud Apps helps protect your DocuSign environment

DocuSign helps organizations manage electronic agreements, and so your DocuSign environment holds sensitive information for your organization. Any abuse of DocuSign by a malicious actor or any human error may expose your most critical assets to potential attacks.

Connecting your DocuSign environment to Defender for Cloud Apps gives you improved insights into your DocuSign admin activities and managed users sign-ins, and provides threat detection for anomalous behavior.

Use this app connector to access SaaS Security Posture Management (SSPM) features, via security controls reflected in Microsoft Secure Score. Learn more.

Main threats

  • Compromised accounts and insider threats
  • Data leakage
  • Insufficient security awareness
  • Unmanaged bring your own device (BYOD)

How Defender for Cloud Apps helps to protect your environment

SaaS security posture management

To see security posture recommendations for DocuSign in Microsoft Secure Score, create an API connector via the Connectors tab. If a connector already exists and you don't see GitHub recommendations yet, refresh the connection by disconnecting the API connector, and then reconnecting it.

In Secure Score, select Recommended actions and filter by Product = DocuSign. DocuSign supports security recommendations for session timeout and password requirements.

For more information, see:

Control DocuSign with policies

Type Name
Built-in anomaly detection policy Activity from anonymous IP addresses
Activity from infrequent countries/regions
Activity from suspicious IP addresses
Impossible travel
Activity performed by terminated user (requires Microsoft Entra ID as IdP)
Multiple failed login attempts

| Activity policy | Build a customized policy by the DocuSign audit log |

For more information about creating policies, see Create a policy.

Automate governance controls

In addition to monitoring for potential threats, you can apply and automate the following DocuSign governance actions to remediate detected threats:

Type Action
User governance Notify user on alert (via Microsoft Entra ID)
Require user to sign in again (via Microsoft Entra ID)
Suspend user (via Microsoft Entra ID)

For more information about remediating threats from apps, see Governing connected apps.

Protect DocuSign in real time

Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

Connect DocuSign to Microsoft Defender for Cloud Apps

This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing DocuSign environment using the App Connector APIs. This connection gives you visibility into and control over your organization’s DocuSign use.

Use this app connector to access SaaS Security Posture Management (SSPM) features, via security controls reflected in Microsoft Secure Score. Learn more.

Prerequisites

Configure DocuSign

  1. Sign into a DocuSign account that is mapped to your organization (you should be an account Admin for that account).

  2. Go to Settings and then Apps and keys.

  3. Copy the User ID and Account Base URI. You'll need them later.

Configure Defender for Cloud Apps

  1. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors.

  2. In the App connectors page, select +Connect an app, and then select DocuSign.

  3. In the window that appears, give the connector a descriptive name, and then select Next.

    Connect DocuSign.

  4. In the next screen, enter the following:

    • User ID: the User ID that you copied earlier.
    • Endpoint: the Account Base URI you copied earlier.

    Enter DocuSign details.

  5. Select Next.

  6. In the next screen, select Connect DocuSign.

  7. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors. Make sure the status of the connected App Connector is Connected.

Note

SaaS Security Posture Management (SSPM) data will be shown in the Microsoft Defender Portal on the Secure Score page. For more information, see Security posture management for SaaS apps.

Limitations

  • Only active DocuSign users will be shown in Defender for Cloud Apps.
    • If a user isn't active in all of the DocuSign accounts mapped to the connected DocuSign organization, the user will be shown as deleted in Defender for Cloud Apps.
  • For SaaS Security Posture Management (SSPM) support, the provided credentials must have these permissions - account_read account_write and user_read organization_read.
  • Defender for Cloud Apps won't show whether a user is an administrator or not.
  • The DocuSign activities that will be shown in Defender for Cloud Apps are the activities at the account level (of every account that is mapped to the connected DocuSign organization) and at the organization level.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.