Lab 17 - Defender for Cloud Apps application discovery and enforcing restrictions

Login type = Microsoft 365 admin

Lab scenario

Microsoft Defender for Cloud Apps uses network traffic logs to identify the applications that users are accessing. Traffic logs from on-premises firewalls provide a snapshot report of the most common applications and the users who access them. Traffic from managed devices is fed into the Microsoft Defender for Cloud Apps discovery overview dashboard.

Estimated time: 10 minutes

Exercise 1 - Defender for Cloud Apps discovery

Task 1 - Discover apps in Defender for Cloud Apps

  1. Sign in to Microsoft Defender portal at https://security.microsoft.com using a Global Administrator account.

    Note: You may be prompted to complete Multi-Factor Authentication (MFA) during sign-in. Follow the prompts to configure or verify your authentication method before continuing.

  2. In the Microsoft Defender portal, in the left navigation menu, expand Cloud Apps, then select Cloud App Catalog.

  3. In the filter bar, set Category to Cloud storage.

  4. From the list of apps, select Dropbox.

  5. In the app details pane, review the Risk score shown under the General tab.

  6. Open a new browser tab and go to Dropbox at https://www.dropbox.com.

  7. Confirm that you can access this website.

  8. Close the tab for Dropbox.

  9. Return to the Defender for Cloud Apps screen.

  10. In the Dropbox details pane, select Sanction.

Task 2 - Restrict Apps in Defender for Cloud Apps

  1. Return to the Cloud app catalog in the Microsoft Defender portal.

  2. In the list of apps, locate Dropbox.

  3. In the Dropbox details pane, select Unsanction.

  4. Select Save to apply the change.

Note: There may be a delay when sanctioning or unsanctioning an application. Changes can take up to 5 minutes to take effect.

Once an application is marked as unsanctioned, access to the app is blocked on devices that are onboarded to Microsoft Defender for Endpoint and integrated with Microsoft Defender for Cloud Apps, including:

  • Browser access
  • InPrivate or Incognito browser sessions
  • App downloads from stores

Exercise summary

In this exercise, you reviewed cloud app discovery data and configured app restrictions in Microsoft Defender for Cloud Apps. This exercise showed how to identify and govern shadow IT in the organization.
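The snapshot-style discovery from the lab scenario, combined with a check on the Task 2 block, as an added example that is not part of the original lab and not how Microsoft implements discovery. The CSV log layout, the suffix-to-app map and every sample row are constructed assumptions; requests that are still allowed after the 5-minute delay point to devices the block does not cover.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall/proxy log (assumed CSV layout, not a real vendor format).
SAMPLE_LOG = """timestamp,user,device,dest_host,action,bytes
2024-05-01T09:00:00,alice,PC-01,www.dropbox.com,allowed,52000
2024-05-01T09:02:00,bob,PC-02,dl.dropboxusercontent.com,allowed,910000
2024-05-01T09:20:00,alice,PC-01,www.dropbox.com,blocked,0
2024-05-01T09:25:00,carol,KIOSK-7,www.dropbox.com,allowed,48000
2024-05-01T09:30:00,bob,PC-02,contoso.sharepoint.com,allowed,120000
"""

# Hypothetical suffix-to-app map; the real cloud app catalog is maintained by Microsoft.
APP_SUFFIXES = {"dropbox.com": "Dropbox", "dropboxusercontent.com": "Dropbox",
                "sharepoint.com": "SharePoint"}
PROPAGATION = timedelta(minutes=5)  # the lab's "up to 5 minutes" delay

def app_for(host):
    """Match on a DNS label boundary so evil-dropbox.com is not counted as Dropbox."""
    host = host.lower().rstrip(".")
    for suffix, app in APP_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None

def discover(log_text, unsanctioned, changed_at):
    """Return (per-app usage, allowed hits to unsanctioned apps after the delay)."""
    usage = defaultdict(lambda: {"users": set(), "bytes": 0, "requests": 0})
    gaps = []
    for row in csv.DictReader(io.StringIO(log_text)):
        app = app_for(row["dest_host"])
        if app is None:
            continue  # destination is not in the app map
        entry = usage[app]
        entry["users"].add(row["user"])
        entry["bytes"] += int(row["bytes"])
        entry["requests"] += 1
        when = datetime.fromisoformat(row["timestamp"])
        if (app in unsanctioned and row["action"] == "allowed"
                and when > changed_at + PROPAGATION):
            gaps.append((row["device"], row["user"], app, row["timestamp"]))
    return dict(usage), gaps

if __name__ == "__main__":
    # Dropbox marked unsanctioned at 09:10 (constructed time).
    usage, gaps = discover(SAMPLE_LOG, {"Dropbox"}, datetime(2024, 5, 1, 9, 10))
    print(usage, gaps, sep="\n")
```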