No video :(

Getting Started with Microsoft Defender for Cloud Apps

Подписаться 133 тыс.

Просмотров 25 тыс.

50% 1

This time I take a look at getting started with Microsoft Defender for CloudApps which is a critical tool in Microsoft 365 security for not only, discovering shadow IT, but also hunting for anomalies and investigating users and apps. A must if you use tools like Intune and Endpoint Manager. As always if you enjoy the video please hit the like & subscribe buttons. Also, any questions please pop them down below. Please note I've also included Timecodes with this video, so you can jump directly to an area of interest. Enjoy :-)
Please visit my website www.Andymalone...
Timecodes
00:00 Start
01:50 Demo Begins - Endpoint Manager / Intune
03:01 Discovering Shadow IT - CloudApp Discovery
03:33 CloudApp Catalog & Risk Scoring
07:14 Exploring the CloudApp Discovery dashboard
08:55 Sanctioning / Un-sanctioning Apps
13:23 Investigating & Analysing User & App anomalies
18:06 Controlling Apps using Policies & Templates
21:36 Managing incidents with Power Automations
23:38 Managing Alerts
26:11 Enabling Microsoft Defender for Identity
26:35 Session conclusion

Опубликовано:

15 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 89

@rajeevbhandari8339 2 года назад

Clear and crisp explanation without beating around bush. You are awesome :)

@AndyMaloneMVP 2 года назад

Aw thanks so much and great to have you on board 😊

@kamrul809 11 месяцев назад

Hi Andy, You are one of the best tutor I have ever seen. I am glad that I have found you on youtube. I am getting real benefit in my profession from your resourceful videos. Please carry on helping people

@AndyMaloneMVP 11 месяцев назад

Thanks so much I really appreciate that😊👍

@RenoAgencyWayland 2 года назад

Favorite comment includes any time you say “this rocks by the way!” Awesome. You Rock Andy! Happy new year!!

@AndyMaloneMVP 2 года назад

Aw thanks and so do you 👏👏😀

@danridgewall3563 Год назад

I attended an office365 course and cert about 8 or 9 yeas ago. It changed my life to your teachings and I am now a consultant and specialising in o365 and mdm management. Another great video and thanks for the clean tand precise teaching you deliver

@AndyMaloneMVP Год назад

Hi Dan, Aw what a lovely thing to say. I’m delighted to hear a success story like this. Congratulations on your career, I wish you great success and it was an absolute pleasure. Great to have you on board and thanks for the kind comment.👍😊

@danridgewall3563 Год назад

@@AndyMaloneMVPNo problem at all, and thanks again. i got the interview of a lifetime coming up so refreshing with your videos :)

@AndyMaloneMVP Год назад

@@danridgewall3563 the best of luck my friend. Let me know how it goes😊👍

@cenilroy7991 2 года назад

I really like to pace of the demo, anyone can easily listen and digest quickly. Very well done.

@AndyMaloneMVP 2 года назад

Thanks so much I really appreciate that👍 and welcome to my channel 😀

@iisely 2 года назад

Thank you for the CLEAR and in-depth explanation !

@AndyMaloneMVP 2 года назад

You’re very welcome and thanks for dropping by.😀

@Rahgozar633 2 года назад

Wow Thank you so much. Great content!

@AndyMaloneMVP 2 года назад

You’re very welcome 🎉👍

@khanmali68 2 года назад

Thank you so much. I am learning lot from your channel. You are definitely one of the best instructor.

@AndyMaloneMVP 2 года назад

Aw how kind thanks so much and I’m delighted to have you onboard 👍😊

@SangameshN 2 года назад

Hey Andy, That was great content. appreciate ur work.:)

@AndyMaloneMVP 2 года назад

You’re very welcome and it’s great to have you on board.👍

@mohammedkhizar8858 7 месяцев назад

Great insights on MS Defender for cloud apps. Thanks and cheers !!!

@AndyMaloneMVP 7 месяцев назад

My pleasure!

@marcoh6177 2 года назад

Excellent video, very practical examples. Thanks a lot!

@AndyMaloneMVP 2 года назад

You are welcome, and thanks for dropping by :-)

@mohammadsadaquat478 Год назад

Great video, covered them features in simple and clear way. Thank you!

@AndyMaloneMVP Год назад

You’re very welcome 👍

@renelysbetancourtvalls4452 2 года назад

Excellent video. Thank you!!!

@AndyMaloneMVP 2 года назад

You’re very welcome, and thank you👍😊

@ExpertTrader100 3 месяца назад

Excellent knowledge

@maaroufkarima4466 Год назад

Great video, Thank you for sharing.

@AndyMaloneMVP Год назад

Thanks for watching!

@dheerajmishra3699 2 года назад

Very very useful and nice explanation.

@AndyMaloneMVP 2 года назад

You’re very welcome and thanks for the kind comment.👍😊

@avanigaddaeverest577 Год назад

Thank you so much sir...it is very clear and easy

@AndyMaloneMVP Год назад

You are most welcome

@chihebchebbi7660 2 года назад

Thank you Andy for the amazing effort!

@AndyMaloneMVP 2 года назад

Thanks so much for the kind comment, I really appreciate it and great to have you on board

@metalgeartech 2 года назад

Excellent video thank you!

@dennymomanyi7220 2 года назад

Good job , you need to do more indepth MCAS/MDCA. You got this art of making things so simple and comprehensible..

@AndyMaloneMVP 2 года назад

Thanks Jenney for your kind comment, I’ll take a look at that for you in due course. All the best, Andy

@user-wl5cs2do8h 2 года назад

ありがとうございます👏

@HawreKoyi1 2 года назад

great work

@AndyMaloneMVP 2 года назад

Thanks I appreciate that

@laurachonorato 2 года назад

This video is perfect! Thank you much and Congrats!

@AndyMaloneMVP 2 года назад

Thanks Laura for your kind comments. I really appreciate it. I’m delighted also that you’re enjoying my videos. All the best, Andy

@berrychowchow4978 Год назад

Thank you for the awesome video1 I went through it from beginning to the end and it helped me a lot to understand it. I do have a few questions if I may? (as I don't currently have access to any demo environment to play around to understand) - What if there are some cloud services that M defender 365 CAN'T DETECT? say, not on their 31000 list. How can Defender do to detect those? - Is it more for real-time monitoring? But, what if I want to download the data and do some analysis, say, to find out all the (API connection excluded) web traffic and figure out what type of structured data has been transferred during a chosen period of time - is there any module of Defender can help? Not sure if you'll see these questions, but thanks heaps in advance!

@AndyMaloneMVP Год назад

Defender uses AI and machine learning to detect behavioural anomalies. Anything, that wouldn’t look right, would get picked up.

@charliespring 2 года назад

What a great videos. It saved me a lot of time from reading the Microsoft docs.

@AndyMaloneMVP 2 года назад

Great to hear from you and thanks for the nice comment, it’s very much appreciated.

@LonelyWolf7679 Год назад

Thank You. helped me alot!

@AndyMaloneMVP Год назад

Delighted to it👍

@nedsec9626 2 года назад

Nice!

@AndyMaloneMVP 2 года назад

Thanks

@KiaOraKerala 2 года назад

Love it.

@AndyMaloneMVP 2 года назад

Thank you kindly

@aakashr3 2 года назад

A very clear information. Request more lessons from you on security front on M365

@AndyMaloneMVP 2 года назад

You’re very welcome absolutely there’s plenty more coming soon

@rohitjaiswal7982 2 года назад

Not getting Cloud discovery dashboard option under Discover

@AndyMaloneMVP 2 года назад

Are you licensed and have the permissions.

@Popcorncandy09 2 года назад

How do we enable this so it shows the Apps, we have turned on the integration under advanced features, but still asks us to create a report and is totally blank compared to your example.

@AndyMaloneMVP 2 года назад

The example that I’m using for my demo has been preloaded with data. The idea of running a report will allow it to collect information on the apps that you are running in your environment. I recommend that you take a look at the getting started guide on toast on microsoft.com. The best of luck and thanks for reaching out.

@OrangeJess Год назад

So much informatorom and so well put! I still have 2 questions though: 1. what’s the difference between discovered apps and cloud app catalog? 2. How can I get a report / export the cloud app catalog? Thank you ☺️

@AndyMaloneMVP Год назад

Discovered apps are the result of a collection process. The cloudapp catalog is a database of all vendor apps.

@OrangeJess Год назад

@@AndyMaloneMVP thanks so much! Is there a way to export the cloud app catalog?

@janiffa31 Год назад

Thank you for the overview of this service. I do have a question: How do I integrate the exclusion groups from 365 Defender (ie: facebook) into MSDef for CA --group that is unsanctioned. I am having a difficult time trying to figure this one out. Any help will be appreciated!

@AndyMaloneMVP Год назад

Hi Jan, thanks for the question. To be honest I think you better ask this question on the Microsoft tech community. I think he would get a faster response to be honest. My technical support capabilities are limited because of time. The best of luck and thanks again

@Dexter_84 Год назад

Thank you for the video. How would Defender for Cloud Apps block users from using certain apps (12:08), especially 3rd party? Is it connected to Endpoint Defender and stops a user from logging in somewhere or how can I imagine this?

@AndyMaloneMVP Год назад

You can block any discovered apps via a combination of Defender for cloudapps. docs.microsoft.com/en-us/defender-cloud-apps/governance-discovery

@sohaibhassan4906 Год назад

Thankyou Sir

@khaldunazar 2 года назад

Create video , really thank you . have a question :how do we add exchange and teams to Conditional access app control I add them, but the setup is incorrect asking me all the time to continue setup please help with it, to configure this step, I searched all the internet cannot find the wright way it always asking for SAML file which i don't have experience all what I need is to make a conditional access session access linked to defender for cloud app could I have your email to send you screen shout of my problem .

@AndyMaloneMVP 2 года назад

Yous seems to be a specific question. For this I would recommend that you have a look at the docs.microsoft.com site as I believe all the settings are explained here.

@donavannaidoo5705 Месяц назад

Is there a policy to auto fill a username and password into an app, reason ( the app should be control by the admin).

@AndyMaloneMVP Месяц назад

Sorry, not that I know of. Perhaps PowerShell

@markusj4729 2 года назад

Great vid, thanks :) Have a question, I presume the Discovery funcationality only picks up apps (shadow IT) used by AAD managed accounts? Or can it discover apps used by other (e.g. private) accounts on a managed endpoint?

@AndyMaloneMVP 2 года назад

Initially Microsoft based on 365 & Azure. But you can connect to MANY 3rd party platforms inc, Google, Amazon, Salesforce etc etc. You can also install connectors on premise to capture an analyse data running on internal apps.

@markusj4729 2 года назад

@@AndyMaloneMVP Thank you for the response. So lets say you work on a company device/endpoint, and use your personal Gmail or Dropbox - will mcas block that (based on IP maybe) or does it only block apps where you use work account (via Azure AD)? :) Thanks

@omowale7884 2 года назад

Good day, Andy. How to delete app from app connector menu?

@AndyMaloneMVP 2 года назад

You can’t. Only block it. Actually as I write this I think you can do it via PowerShell.

@Noursbear 2 месяца назад

I have been confused for months with this Microsoft terminology in Defender for Cloud Apps. Why does "sanctioned" mean "allow" and unsanctioned mean "block" in the eyes of Microsoft? I mean we all know what sanctioned and unsanctioned mean but it should be the other way around or I am missing something here

@karins.5807 2 месяца назад

Sanction is a strange choice of terminology because it has opposing meanings. It can mean “to authorize” or it can mean “to impose a penalty for disobeying a law or rule”. In this case, it’s the former.

@Noursbear 2 месяца назад

@@karins.5807 OK thanks...Cheers....

@satyam1206 2 года назад

how does microsoft casb perform outside of microsoft suite ?

@AndyMaloneMVP 2 года назад

It's fabulous. It looks at all apps, and you can extend its capabilities with connectors to AWS, Google and sooooo many more.

@marcelbruijniks4304 Год назад

What license do you need to get this working? When adding the Microsoft Defender for Cloud Apps and adding this license to userr, i still do no see activity (login for exampe) for other users. Only myself. Also my Discover Dashboard is empty. I only have Cloud app catalog.

@AndyMaloneMVP Год назад

All users have to be licensed.

@marcelbruijniks4304 Год назад

@@AndyMaloneMVP They are and I do see them in Users. I have added the license to users that need to be monitored. In your demo the Discover screen shows far more options then mine. What more do I need to do or add to get this working? Thanks.

@AndyMaloneMVP Год назад

@@marcelbruijniks4304 the options you see delivery end upon the licence you’re using. In my demo I’m using an E5 & EM&S