This course explores Microsoft Cloud App Security, including what it is, what it offers, and how it's configured. You'll learn about Cloud Discovery and how to configure Microsoft Cloud App Security. You’ll learn about access policies, policy templates, and how to manage OAuth apps, before diving into Cloud App Security log uploads.
We'll also look at app connectors and at the Cloud App Catalog before moving on to the Cloud App Security dashboard and ways to manage alerts. Finally, we'll cover data management reports.
Learning Objectives
- Get a solid understanding of Microsoft Cloud App Security including what it is, what it offers, and how it's configured
- Learn how to set up access policies and access templates
- Learn how to manage OAuth apps and Cloud App Security uploads
- Understand how app connectors and the Cloud App Catalog add security to your apps
- Learn about Cloud App Security dashboard, how to manage alerts, and how to generate management reports
Intended Audience
This course is intended for those who wish to learn how to use Cloud App Security in Microsoft 365.
Prerequisites
To get the most out of this course, you should already have some basic knowledge of Microsoft 365.
There are 5 main steps that you must complete to configure Microsoft Cloud App Security. You need to first set instant visibility, protection, and governance actions for your apps. In layman’s terms, you have to connect your apps. Once you’ve connected your apps, you can complete step two, which is the creation of policies that are used to control your cloud apps. Step 3 is the setup of Cloud Discovery. After setting up Cloud Discovery, you can complete the next step, which is the personalization of your experience. Organizing your data based on your needs is the 5th and final step in the setup of Cloud App Security.
To complete step one, you browse to the Cloud App Security portal. From the portal, you select “App Connectors” from the settings cog. After adding your app, you follow the configuration steps to connect the app. You repeat this step for each app in your environment. What this does is allow you to get deeper visibility into the apps you use. This, in turn, allows you to investigate activities, files, and accounts for each app in your cloud environment.
Creating policies allows you to monitor trends and see security threats. You can also generate customized reports and alerts. You can also use policies to create governance actions and to set data loss prevention and file-sharing controls.
You create policies in Cloud App Security from the Templates page. Simply choose the relevant policy template from the list, and then create your policy from the template. As you configure your policy, you’ll have to select the filters, actions, and other settings that fit your needs. Once you have your policy settings customized, you can create the policy.
Setting up Cloud Discovery allows Cloud App Security to view cloud app use in your organization. For example, integrating with Microsoft Defender for Endpoint automatically enables Cloud App Security to monitor Windows 10 devices both inside and outside the organization.
As part of Cloud Discovery setup, you should create a continuous Cloud Discovery report to ensure full coverage of your environment. To do this, configure automatic log upload:
Once you have your apps connected, your policies configured, and cloud discovery setup, you can personalize your experience by adding your organization’s details. You can configure email settings, admin notifications, and you can customize score metrics for your environment.
While personalization isn’t absolutely required, there are some features that just work better when they're customized to your specific needs.
The last step is the configuration of some important settings. For example, you’ll want to create IP address tags, continuous reports, and you’ll want to add domains. Creating IP address tags allows you to use IP tags when you create policies. You can also use IP tags when you filter and create continuous reports, which allow you to view discovered data based on your own preferences.
Once you’ve completed setup of Cloud App Security, you can begin controlling your cloud apps with policies.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.