Cloud App Discovery is Microsoft’s service that administratively tracks and monitors cloud apps in your organization. It feeds into Microsoft’s Cloud App Security. The tool offers a set of capabilities that provides a comprehensive solution for visibility, control, and protection of the applications being used in your organization.

Overview of Set-Up Process

Create an Environment

First, you need to provide Microsoft with some details about your environment. The data required may include how many accounts are present, the identity providers (IdP), and information about the firewalls and proxies in use.

Discover and Analyze Cloud Apps

Once you have configured your environment, you can discover and analyze apps in use. By deploying sensors to endpoints or using log files from proxies or firewalls, you can gain visibility over all web traffic. You can use this data to identify the apps and services that are being used in your organization.

Connect Apps

Cloud App Security can be configured to connect directly to the apps that you choose to manage. This allows you to gain comprehensive control over the apps.

Set Policies

Once you’ve connected the apps, you can set up policies to control activities from risky IP addresses, uncommon locations, and more. You can also set up a governance log to review past activities.

Steps to Configure Cloud App Discovery

  • Sign in to the Cloud App Security Portal

    Once you’ve logged into the portal, navigate to Discovery -> Create snapshot report.

  • Configure Snapshot Report

    Enter the details of your organization, including the IP address ranges for your domains.

  • Download Log Collector

    Next, download and install the Microsoft Cloud App Security Log Collector, then click ‘Next’.

  • Configure Log Collector

    After the Log Collector has been installed, open the program and configure it to pull logs from your network devices. Be sure to enter the correct details, including the URL for the Cloud App Security log upload.

  • Configure Network Devices

    Make sure your network devices are set up to send logs to the Log Collector.

  • Verify Connectivity

    Check the “Discovered apps” page of the Cloud App Security portal to ensure the logs are being pulled correctly.

Example:

Assume you’re trying to identify unauthorized file-sharing apps. In the Cloud App Security portal, navigate to ‘Discovered apps’. You can filter the list of discovered apps by category and select ‘File sharing’. You’ll now be able to see any file-sharing apps that have been identified, giving you a head start on understanding and mitigating potential risks.
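To make the mechanics behind that filter concrete, here is an added illustration (not Microsoft's code and not part of the original page) of how discovery turns proxy logs into a per-category app list with users and traffic volume. The log format, the app catalog, and every host and app name are constructed for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalog: host -> (app name, category, sanctioned by the org?)
CATALOG = {
    "files.example-share.test": ("ExampleShare", "File sharing", False),
    "drive.corp-approved.test": ("CorpDrive", "File sharing", True),
    "chat.example-im.test": ("ExampleIM", "Collaboration", False),
}

# Constructed proxy log: timestamp user src_ip method url bytes
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice 10.0.0.5 POST https://files.example-share.test/upload 5242880
2024-05-01T09:00:07Z bob 10.0.0.9 GET https://drive.corp-approved.test/doc/1 2048
2024-05-01T09:01:12Z carol 10.0.0.7 POST https://upload.files.example-share.test/api 1048576
2024-05-01T09:02:30Z alice 10.0.0.5 GET https://chat.example-im.test/ 512
malformed line without enough fields
2024-05-01T09:03:00Z dave 10.0.0.8 GET https://unknown.site.test/ 100
"""

def lookup(host):
    """Match the host, then each parent domain, against the catalog."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = CATALOG.get(".".join(labels[i:]))
        if entry:
            return entry
    return None  # traffic to hosts outside the catalog is not attributed

def discover(log_text, category, sanctioned=None):
    """Aggregate users and traffic per app in one category.

    sanctioned=None keeps every app; True/False filters on approval status.
    """
    apps = defaultdict(lambda: {"users": set(), "traffic_bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        _, user, _, _, url, size = parts
        entry = lookup(urlsplit(url).hostname or "")
        if entry is None or entry[1] != category:
            continue
        if sanctioned is not None and entry[2] != sanctioned:
            continue
        apps[entry[0]]["users"].add(user)
        apps[entry[0]]["traffic_bytes"] += int(size)
    return {name: {"users": sorted(v["users"]), "traffic_bytes": v["traffic_bytes"]}
            for name, v in apps.items()}
```

Calling `discover(SAMPLE_LOG, "File sharing", sanctioned=False)` narrows the result to the unapproved file-sharing app, which is the list an administrator would review first.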

Summary

Mastering the configuration of Cloud App Discovery requires an understanding of its functionality and of the setup steps. With that knowledge and hands-on practice in setting up, managing, and using the service, anyone preparing for the MS-101 Microsoft 365 Mobility and Security exam will build the confidence needed to deal with cloud apps successfully.

Remember, the purpose is to secure your organization’s sensitive data, ensure compliance, and control how the apps are used. The discovery and control offered by Cloud App Discovery provide a robust approach to securing your cloud applications and form one of the critical sections in the MS-101 Microsoft 365 Mobility and Security exam.

Practice Test

True or False: Cloud App Discovery is a feature that requires Microsoft 365 E5 licensing.

Answer: True.

Explanation: Cloud App Discovery is part of the Microsoft Cloud App Security service, which requires the highest level of Microsoft 365 subscription, specifically the E5 tier.

Which of the following services does Cloud App Discovery depend on for data gathering?

  • a) Office 365 Cloud App Security
  • b) Microsoft Defender for Endpoint
  • c) Microsoft Defender for Identity
  • d) Azure Advanced Threat Protection

Answer: a) Office 365 Cloud App Security, b) Microsoft Defender for Endpoint

Explanation: Cloud App Discovery depends on Office 365 Cloud App Security Broker (CASB) and Microsoft Defender for Endpoint for data gathering.

True or False: Cloud App Discovery supports non-Microsoft cloud apps.

Answer: True.

Explanation: Cloud App Discovery can identify over 16,000 cloud applications, including those from third parties such as Google, Amazon, Dropbox, and others.

Single select: Which of the following is a prerequisite for configuring Cloud App Discovery?

  • a) Azure AD Premium
  • b) Microsoft 365 E3
  • c) Domain Administrator rights
  • d) Microsoft 365 E5

Answer: d) Microsoft 365 E5

Explanation: To configure Cloud App Discovery, you would need the E5 licensing of Microsoft

True or False: Understanding cloud usage patterns is one of the objectives of Cloud App Discovery.

Answer: True.

Explanation: One of the main purposes of Cloud App Discovery is to help administrators understand cloud usage patterns and manage risks.

Multiple Select: What visibility does Cloud App Discovery provide to IT admins?

  • a) Unauthorized cloud app usage
  • b) Data Flow Patterns
  • c) Number of users who have downloaded a specific app
  • d) Threats from specific apps

Answer: a) Unauthorized cloud app usage, b) Data Flow Patterns, d) Threats from specific apps

Explanation: Cloud App Discovery provides visibility into the use of Shadow IT, data flow patterns, and risk scoring and analytics for discovered apps.

True or False: Network logs can be exported from the Cloud App Discovery dashboard.

Answer: True.

Explanation: Network logs related to tracked apps can be exported from the Cloud App Discovery dashboard, providing further possibilities for analysis.

Single select: What is the minimum user license required for Cloud App Discovery?

  • a) Microsoft 365 E3
  • b) Microsoft 365 E5
  • c) Office 365 E3
  • d) Office 365 E1

Answer: b) Microsoft 365 E5

Explanation: A Microsoft 365 E5 subscription is needed to use the Cloud App Discovery feature.

True or False: Cloud App Discovery can identify risky applications used within an organization.

Answer: True.

Explanation: Cloud App Discovery includes a Cloud app catalog, which can be used to identify and classify risky applications in terms of compliance, legal, or security.

Multiple Select: Cloud App Discovery data can be filtered and analyzed by which of the following parameters?

  • a) IP Address
  • b) User ID
  • c) Device ID
  • d) Cloud Application Category

Answer: a) IP Address, b) User ID, d) Cloud Application Category

Explanation: Cloud App Discovery data can be filtered and analyzed by IP address, User ID, and Cloud application category, among others.

Interview Questions

What is the purpose of Cloud App Discovery in Microsoft 365?

Cloud App Discovery is a feature in Microsoft 365 that enables organizations to identify and analyze the cloud applications used in their environments, providing visibility into shadow IT activities.

What is the primary requirement for configuring Cloud App Discovery?

The primary requirement is having a valid Microsoft 365 E5 or Cloud App Security premium subscription.

How is data collected for Cloud App Discovery?

Data is collected through the use of endpoint agents installed on user devices, network logs and/or firewall logs.

Which operating systems currently support the Cloud Discovery Endpoint Agent?

The Cloud Discovery Endpoint Agent can be installed on Windows, Android, iOS, and macOS devices.

Can Cloud App Discovery identify and analyze all types of cloud applications?

No, it can’t. Cloud App Discovery is mainly designed to analyze and identify web-based SaaS applications.

How are risky apps typically identified in Microsoft Cloud App Discovery?

Risky apps are identified based on a risk score, which considers various factors like the vendor’s security stance, the data handling policy, legal and compliance certificates, and user behavior metadata.

In configuring Cloud App Discovery, what is the role of app tags?

App tags are used to categorize applications based on the organization’s specific needs.

What is the “Sanctioned” status in Cloud App Discovery and what does it signify?

When an app is labeled as “Sanctioned”, it means that this application has been approved by the organization for use.

How do organizations handle unsanctioned apps discovered through Cloud App Discovery?

They may take actions like informing the user about the policy violations, blocking the app, or encrypting data associated with the app as they deem fit.

How can you configure alerts in Microsoft Cloud App Discovery?

You can configure alerts using the Cloud App Security console. The alerts can be set up based on user behavior or anomalies.

Can Cloud App Discovery detect apps that are used outside of the organization’s network?

Yes, as long as the endpoint agent is installed on the device being used, Cloud App Discovery can collect data even if the device is not connected to the organization’s network.

What kind of report can be generated in Cloud App Discovery?

Reports generated can include information such as the number of applications in use, number of users, traffic volume, and risk assessments.

Does using Cloud App Discovery have any impact on the user’s privacy?

Privacy is maintained as Cloud App Discovery does not examine the content of personal files or emails, nor does it provide access to them. It solely focuses on metadata related to application usage.

Is it possible to export Cloud App Discovery data into another security information and event management (SIEM) system?

Yes, using the API provided by Cloud App Security, you can export this data to a SIEM system.

What happens to the Cloud App Discovery data if the Cloud App Security license expires?

The data is stored for 30 days. If the license is renewed within that period, access to the data is restored. After 30 days, the data is deleted.
