configure Cloud App Discovery

Cloud App Discovery is a feature of Microsoft Cloud App Security (MCAS) that enables organizations to discover which cloud applications are being used in their IT environment. For professionals preparing for the MS-101 Microsoft 365 Mobility and Security exam, understanding how to configure Cloud App Discovery is essential. MCAS provides insights into the shadow IT practices within an organization, helping maintain security and compliance.

Prerequisites

Before configuring Cloud App Discovery, certain prerequisites must be fulfilled:

• An active subscription to Microsoft Cloud App Security.
• Appropriate permissions in the Microsoft 365 Admin Center to access the Cloud App Security portal.
• Network logs from your firewalls and proxies. Supported formats include Check Point, Cisco ASA, Palo Alto Networks, Blue Coat Proxy, and more.

Step by Step Configuration

1. Enable Cloud Discovery

To begin with, you need to navigate to the Cloud App Security portal. Once there, you must turn on Cloud Discovery by setting the appropriate control status.

1. Log into the Cloud App Security portal.
2. Go to Settings (the gear icon), and then select “Cloud Discovery settings”.
3. Toggle the Cloud Discovery to ‘enable’.

2. Upload Traffic Logs

Collect and upload your traffic logs for analysis.

1. Under the Cloud Discovery settings, choose the “Data sources” tab.
2. Click “Add data source” and give your data source a name.
3. Choose the format of your traffic logs.
4. Upload your logs either manually or by using automated log uploaders.

3. Define Discovery Policies

Creating custom discovery policies can help organizations focus on specific types of traffic or behaviors:

1. Within the Cloud App Security portal, navigate to “Control” and then to “Policies”.
2. Click on “Create policy” and select “Cloud Discovery anomaly detection policy”.
3. Set up the policy by specifying criteria such as risk levels, number of transactions, and uploading frequency.
4. Define the actions that should be taken when the policy is triggered, such as generating an alert.

4. Analyze the Cloud Discovery Dashboard

Once the logs are uploaded, the Cloud Discovery Dashboard will provide comprehensive insights into the use of cloud applications.

1. Access the dashboard to view information about recognized apps.
2. Assess the risk score assigned to each application based on more than 70 risk factors.
3. Identify top users, IP addresses, and transactions to understand how cloud apps are being used.

5. Sanction/Unsanction Apps

Decide which applications to allow or block within the organization.

1. In the Cloud App Catalog, find the app you want to sanction or unsanction.
2. Click on the app to view more details.
3. Use the “Sanction” or “Unsanction” action to control its use.

6. Continuous Reporting and Alerts

Set up alerts and scheduled reports for ongoing monitoring.

1. From the “Alerts” menu, configure policies to get real-time notifications for any unusual activities.
2. In the “Reports” tab, schedule regular reports to keep stakeholders informed about cloud app usage and compliance.

Example Use-Case

Let’s take an example of a mid-sized company, Acme Corp, that wishes to discover Shadow IT apps for regulation and compliance purposes.

During the configuration phase, the IT team collects web traffic logs from their network devices. After importing these logs into MCAS, they are able to visualize the use of non-authorized cloud services across departments. Upon reviewing the Cloud Discovery Dashboard, Acme Corp’s IT team notices an alarming use of a high-risk cloud storage application that is not compliant with their data protection policy. They immediately sanction the application and create a policy to monitor any future use.

Additionally, they continuously train their workforce to use sanctioned applications and the risks associated with unauthorized services, thus mitigating the risk of data leaks and non-compliance.

Conclusion

Configuring Cloud App Discovery is crucial to obtaining visibility into unsanctioned cloud applications and mitigating potential security risks. By following these steps and leveraging the tools provided by MCAS, organizations can better manage and control their cloud environment. For MS-101 candidates, understanding this configuration process is important to ensure they have the skills to maintain a secure and compliant Microsoft 365 deployment.