Hi everyone, my name is Yoann Mallet, I'm a senior Program Manager with
Microsoft part of the Customer
Experience and Engineering team. Today
we're going to talk about Microsoft
Cloud App Security and its Cloud App
Discovery feature. Cloud App Discovery
will you to get more information about
which cloud applications are in use in
your environment whether these are
perfectly sanctioned and acceptable
applications like Office 365 or
applications that you do not want to see
in your environments. You'll be able to
identify Shadow IT, risky applications
and applications that have potentially
suspicious or risky traffic such as too
much upload, which could indicate some
kind of data exploitation let's start do
a quick demo. Let's start with opening
the Cloud App Security portal right away
we will navigate to the Cloud Discovery
dashboard in this dashboard you can get
a global view of the data captured by
MCAS. The number of apps, the number of users, which type of applications here we
see cloud storage as a majority then you
can also see which are the top apps
being used by the users. OneDrive and Box here, and on the right side you can see
the top users as it is a heavily used
application let's start to investigating
Box. On this page you can see more
information about the usage of the
application consider the number of total
users you can see the amount of traffic
total and just upload and you can see
the trend of usage over the last few
days. Clicking on the Info tab will teach
you more about the app itself it will
know more about its security score it's
divided in several categories: General,
Security, Compliance and Legal. Based on
your own personal need you can actually
change the weight of each of those
settings. The User tabs will give you a
full list of all the users leveraging
this app you can sort it by traffic or
by upload to find out the relevant trend
about how the users are leveraging this
app, after reviewing this data you can
decide if this usage complies or not
with your corporate policy and you can
potentially sanction or unsanctioned the
app.
If you have any suspicions over a large
users traffic you can pivot into its
profile and find out more. Now you can
see more information about how many apps this user has been using and the traffic
trend. Clicking on Discovered apps you
can filter by score and identify
immediately which risky apps is been
leveraging. Leveraging risky apps could
potentially mean that the user has been
compromised and is now uploading
data against his will to very suspicious
providers. This could also suggest poor
user decisions in choosing their cloud
providers and would require better user
education. So now that you've seen that
demo you're probably wondering how does
that data actually get into Microsoft
Cloud App Security, well the key here is
traffic log we want to make sure that
the traffic log from your clients are
able to go all the way to Microsoft
Cloud App Security for that we have
different ways of proceeding. Number one you can use what we call a log collector
that log collector will sit within your
network and will gather logs from your
firewall then the logs are sent directly
to the clouds to Microsoft Cloud App
Security the other way much easier we
can actually benefit from an integration
with Microsoft Defender ATP and when you enable this integration which can
actually be done in one single click the
logs will directly go from your laptop
all the way to Microsoft Defender ATP in
the cloud and that would be wherever the
client is whoever is on-prem or outside
of your corporate premises.
Thank you for watching that video do you
want to see more of these just join a
Security Community with the link showing
up on your screen right now.
