Microsoft Defender for Cloud Apps Deep Dive | Virtual Ninja Training with Heike Ritter

Summary of "Microsoft Defender for Cloud Apps Deep Dive | Virtual Ninja Training with Heike Ritter"
Introduction
• Hosts: Heike Ritter and Caroline Lee.
• Series: Microsoft 365 Defender Ninja Show, Part 2 on Microsoft Defender for Cloud Apps (MDCA).
• Focus: Information protection, threat protection, and app governance.
Key Points
1. Recap of Discovery:
• Discovery involves identifying all SaaS applications in the environment, including shadow IT.
• Helps organizations see which applications are safe or risky.
2. Information Protection:
• Setup: Connect your applications to MDCA, and data will automatically feed into it.
• Policies and Labels:
• Use built-in policy templates for applications like Box.
• Integration with Microsoft Purview allows applying sensitivity labels.
• Policy Creation:
• Create policies to protect data at rest.
• Example: Policy for stale externally shared files.
• Data Classification Service: Recommended for better sensitive information detection, replacing the legacy built-in DLP.
3. Threat Protection:
• Built-In Policies: Includes mass-download by a single user, new high-volume application alerts, etc.
• User Baselines: Establishes baselines for users to detect deviations (e.g., impossible travel, risky sign-ins).
• Advanced Hunting: Allows creating custom detection rules using the CloudAppEvents table.
• Example: Query to detect users adding guest accounts to tenants.
4. App Governance:
• Focus: OAuth applications and app-to-app interactions.
• Incident Management: Detects unusual activities, maps alerts to MITRE ATT&CK framework.
• Policies: Includes actions like disabling overprivileged applications.
• Trial Available: Users can try app governance to understand its benefits and functionality.
5. Demo Highlights:
• Files Page: Shows files in connected applications, highlights those matching policies.
• Policy Configuration: Demonstrates creating and configuring policies using templates and governance actions.
• Advanced Hunting Demo: Shows how to create and run custom queries to detect security incidents.
• App Governance Dashboard: Provides insights into overprivileged apps, incidents, policies, and threats.
6. Resources and Final Thoughts:
• Resources:
• Defender for Cloud Apps overview video.
• Technical blogs and documentation.
• Conclusion: Encourages viewers to explore resources and stay tuned for future episodes.
Summary
The deep dive into Microsoft Defender for Cloud Apps covers essential aspects such as information protection, threat protection, and app governance. The episode provides practical examples, demos, and insights into setting up and using MDCA to secure cloud applications. It highlights the integration with Microsoft Purview, the importance of custom policies, and the benefits of advanced hunting and app governance. The session concludes with references to additional resources for further learning.

Thank you for enabling the comments! and thank you for the information.

Hi Hilke, this presenter is not answering your questions, you are doing a good job by answering your questions yourself. I think shes more of a sales person not a technical person that is need for this session that can show us diffrent scenerio. I think you need to bring someone that could answer question like the cloup app control over BYOD and many more

When will Defender for Cloud Apps provide insights from MacOS devices?

sorry spelt your name wrong! 🤗 Heike