Microsoft Defender for Cloud Apps

Formerly known as “Cloud App Security”, Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that is part of the Microsoft 365 Defender suite of products. Defender for Cloud Apps (DCA) is built to help IT departments control the data that their organizations have hosted in multiple cloud services including but not limited to Office 365.

 


Shadow IT

Shadow IT describes decentralized IT actions that are (most of the time) not allowed. Here is an example: a user in your organization enables collaboration with a cloud app. The IT department has no information about this and no governance over it. This is where CAS enters the game to benefit you.

License Requirements

As for pricing, some Defender for Cloud Apps features are included in Azure AD Premium P1, which is part of Enterprise Mobility + Security E3. The full capabilities become available with the Microsoft 365 E5 Security or the standalone CAS license, which only costs 3.5$/user/month.

Policies and Templates

At its core, it comes down to defining and generating alerts, and this is the key reason for doing all of this. I really want you to understand the difference between a policy and a template:

  • Policies are active templates that will produce alerts.
  • Templates are blueprints that can be used to create policies.

Architecture

The modern and legacy approaches to network controls differ in one central component: the firewall, which the legacy flow needed in order to control connections from a client.

The modern approach is that connections are evaluated on the device and thus independently of the network.

What are Cloud Apps?

The challenge is the thousands of cloud applications and websites that users need for collaboration. Shadow IT describes non-IT personnel who use separate accounts (no SSO or central IdP) on cloud infrastructure and apps that the organization utilizes. The problem is that the IT department has no governance over these actions, so security and compliance are lacking.

Microsoft's own database of discovered apps on the web has over 30’000 entries.

How to get started?

  1. Understand the product
  2. Get corresponding licenses
  3. Perform a cloud discovery
  4. Analyze data and behavior
  5. Create a concept of:
    • Baseline/templated policies
    • Individual enforcements (own policies)
    • Operational guide
  6. Activate Policies
  7. Respond to actions (identity & access management SecOps)

Product Highlights

  • Consolidated dashboard view of the messaging environment's health.
  • Automatically verify external Mail flow, OWA, ActiveSync, Outlook Anywhere.
  • Mail flow queue monitoring.
  • DAG configuration and failover monitoring.
  • Microsoft Security Patch verification.
  • 200+ built-in, customizable reports, including: Mailbox size, Mail Traffic, Quota, Storage, Distribution Lists, Public Folders, Database size, OWA, Outlook version, permissions, SLA and mobile device reports.