Then set Risk score equals 6 or lower.Īfter the results are filtered, you can unsanction and block them by using the bulk action checkbox to unsanction them all in one action. Set the Security risk factor for Data at rest encryption equals Not supported. Then, use the Advanced filters and set Compliance risk factor to SOC 2 equals No.įor Usage, set Users to greater than 50 users and Transactions to greater than 100. In the Discovered apps page, under Browse by category select both Cloud storage and Collaboration. Then you can unsanction or block them as follows: If you want to deep dive into the data Cloud Discovery provides, use the filters to review which apps are risky and which are commonly used.įor example, if you want to identify commonly used risky cloud storage and collaboration apps, you can use the Discovered apps page to filter for the apps you want. Check the discovery alerts status to see how many open alerts should you investigate. You can see the top users and source IP addresses to identify which users are the most dominant users of cloud apps in your organization.Ĭheck how the discovered apps spread according to geographic location (according to their HQ) in the App Headquarters map.įinally, don't forget to review the risk score of the discovered app in the App risk overview. Go even deeper and see all the apps in a specific category in the Discovered apps tab. You can see how much of this usage is by Sanctioned apps. Then, dive one level deeper to see which are the top categories used in your org for each of the different use parameters. The first thing you should do to get a general picture of your Cloud Discovery apps is review the following information in the Cloud Discovery Dashboard:įirst, look at the overall cloud app use in your organization in the High-level usage overview. For more information, see Discovered app filters. Filtering allows you to generate specific views depending on what you're most interested in using easy-to-understand graphics to give you the full picture at a glance. The Cloud Discovery Dashboard has many options for filtering the data. It also shows you who your top app users are and provides an App Headquarter location map. It provides an at-a-glance overview of what kinds of apps are being used, your open alerts, and the risk levels of apps in your organization. The Cloud Discovery dashboard is designed to give you more insight into how cloud apps are being used in your organization. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender. It improves your operational efficiency with better prioritization and shorter response times which protect your organization more effectively. Microsoft 365 Defender correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities. Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender and can be accessed through its portal at.
0 Comments
Leave a Reply. |