Lab 17 - Defender for Cloud Apps application discovery and enforcing restrictions
Login type = Microsoft 365 admin
Lab scenario
Microsoft Defender for Cloud Apps utilizes logs from network traffic to identify the applications that users are accessing. Traffic logs from on-premises firewalls will provide a snapshot report on the most common applications and the users that are accessing these apps. Traffic from managed devices will be fed into the Microsoft Defender for Cloud Apps discovery overview dashboard
Estimated time: 10 minutes
Exercise 1 - Defender for Cloud Apps discovery
Task 1 - Discovery apps in Defender for Cloud Apps
-
Sign in to https://security.microsoft.com using a Global Administrator account.
-
On the left menu, scroll to the heading named Cloud Apps and click Cloud App Catalog.
-
In Browse by category pane, select Cloud storage.
-
In the list of apps, note the Risk score next to the app name.
-
Open another browser tab and navigate to www.dropbox.com.
-
You will be able to access this website.
-
Close the tab for Dropbox.
-
Return to the Defender for Cloud Apps screen, and select the three-dot to the right of Dropbox.
-
Choose Sanctioned and then the Next button.
Task 2 - Restrict Apps in Defender for Cloud Apps
-
Return to the Discovered apps tile and select the Tag as unsanctioned for Dropbox. Note: This is located next to the circled check-mark.
-
Click Save
-
This process allows you to block applications that are not sanctioned within your company policy, limiting Shadow IT within your organization.
Note: There is a delay when sactioning and unsanctioning an application and that application. You may have to wait up to 5 minutes.
Once the application has been blocked as unsanctioned, the application will not be accessible through browser, in-private browser, or store download on a Client that is onboarded to MDE (Microsoft Defender for Endpoint) integrated with Microsoft Defender for Cloud Apps.