Detect threats and manage alerts with Microsoft Cloud App Security
Cloud App Security helps businesses trigger alert workflows automatically and detect threats across their apps. It provides several threat detection policies that use machine learning analytics to recognize suspicious activities across different applications.
Cloud App Security alerts you when suspicious actions are discovered, such as activity from anonymous IT addresses, suspicious inbox forwarding configurations, ransomware activity and more. This detection policy considers past activity locations and triggers an alert when an activity occurs from a new location by any user in the company.
The Activity Log informs you about the activity that triggered the alert, including the number of open alerts and admin activities for the IP address. You can also explore the alert further by looking at the related activities performed during the user session.
After you have investigated alerts, you are ready to set detection policies on the Policies Page. Here you can check all the policies for your company. Cloud App Security offers a variety of policy templates and populates the different properties of the policy. You can analyze the properties and customize them if needed.
Microsoft Cloud App Security features app permissions that allow you to see which user-installed apps have OAuth permissions and access to data from Office 365, G suite, and Salesforce. OAuth enables a user`s account information to be used by third-party services, without exposing the user`s password. OAuth app permissions help you decide which apps to allow and which ones to disallow in your environment.
Integration of Microsoft Cloud App Security with Azure Advanced Threat Protection and Microsoft Power Automate provides user entity behavior analytics, custom alert automation and orchestration playbooks. By creating a playbook, you can use workflows to authorize customized governance options for your policies.
Microsoft Power Automate also integrates with hundreds of third-party connectors, including Exchange Online, Slack, ServiceNow, Jira and more. You can easily configure your workflow to post an alert message to Teams when triggered. And then navigate to the Policies Page to set a policy to use Power Automate. Now, when accessing Outlook, you will be redirected through Cloud App Security and notified that access to Microsoft Exchange Online is monitored.
Microsoft Cloud App Security helps you control how your data is consumed. It provides advanced analytics to discover and prevent cyberthreats across all your Microsoft and third-party cloud services.