GETTING STARTED WITH CLOUD APP SECURITY
APPS, DASHBOARDS & ALERTS
This course explores Microsoft Cloud App Security, including what it is, what it offers, and how it's configured. You'll learn about Cloud Discovery and how to configure Microsoft Cloud App Security. You’ll learn about access policies, policy templates, and how to manage OAuth apps, before diving into Cloud App Security log uploads.
We'll also look at app connectors and at the Cloud App Catalog before moving on to the Cloud App Security dashboard and ways to manage alerts. Finally, we'll cover data management reports.
- Get a solid understanding of Microsoft Cloud App Security including what it is, what it offers, and how it's configured
- Learn how to set up access policies and access templates
- Learn how to manage OAuth apps and Cloud App Security uploads
- Understand how app connectors and the Cloud App Catalog add security to your apps
- Learn about Cloud App Security dashboard, how to manage alerts, and how to generate management reports
This course is intended for those who wish to learn how to use Cloud App Security in Microsoft 365.
To get the most out of this course, you should already have some basic knowledge of Microsoft 365.
Most organizations deploy and use third-party apps that often request permission to access user information and user data, AND they often sign into other cloud apps like Office 365 on behalf of the user. During installation of such apps, users are often prompted to accept these terms – and they often do so without really reading them.
These types of third-party permissions are obviously a security risk to the business. That being the case, it’s important that you monitor the app permissions that users grant to such apps – as doing so provides the visibility and control that are necessary to protect your users and your applications.
This is where the app permissions in Microsoft Cloud App Security come into play. They allow you to see which user-installed OAuth applications in your environment have access to Office 365 data, to Google Workspace data, and to Salesforce data.
Cloud App Security can show you what permissions your organization’s apps have AND it can tell you which users granted these apps access to their Office 365, Google Workspace, and Salesforce accounts.
The OAuth Apps page in Cloud App Security is where you go to find information about the app permissions in your organization’s connected apps. To get to this page, just browse to the Cloud App Security portal and click Investigate.
You can use the Oauth Apps page to view app information, to ban specific apps, and to approve specific apps. For example, if you click on an app on the Oauth Apps page to view information about the app, you can click Permissions to see all permissions that have been granted to that specific app. You can also see how common the app is in other organizations by looking at the app’s Community Use statistics. Clicking Related activity allows you to see any activities in the activity log that are related to the app.
Banning an app is as simple as clicking the ban icon. Approving an app is just as easy. Simply click on the approve icon for the app.
When you ban an app, you have the option to tell you users that the app that they’ve installed has been banned. When you do this, the user is notified that the app will be disabled and that they will no longer have access to the connected app. While notification isn’t required, Microsoft recommends letting users know that you are going to ban such an app – because failing to do so will invariably result in helpdesk calls.
For Google Workspace and for Salesforce, you can revoke permissions to an app OR you can notify the user that they should change the permissions that have been granted to the app.
Revoking permission does exactly what it says it does. It removes all the permissions that were previously granted to the app under "Enterprise Applications" in Azure AD.
To revoke permissions from the OAuth apps page, all you have to do is click on vertical ellipsis at the end of the app’s row and select Revoke app.
If you want to just notify a user that he needs to change the granted permissions of an app, click the Notify user option instead.
When you click Notify user, the user receives a notification similar to what you see on your screen.
The OAuth Apps page can also be used to query your OAuth apps and to audit them. The auditing that Cloud App Security provides allows you to monitor and investigate all activities that are performed.
And lastly, in cases where a seemingly malicious OAuth app is discovered in your organization, you can use the OAuth Apps page to let Cloud App Security team know about it.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.