Microsoft Defender for Cloud Apps Primary Use Case

RK
Cloud Security & Governance at a financial services firm with 10,001+ employees

MCAS was onboarded for the purpose of detecting shadow IT. As the organization moved towards more SaaS solutions, we wanted to make sure that there is a way to monitor and govern the IT services coming up as shadow IT. We are a very big organization where a lot of services get onboarded, and some of the things may go unnoticed. We wanted to detect the shadow IT software being installed or shadow IT happening within a department or business unit.

We also wanted to make sure that the cloud access security broker provides a DLP kind of solution for Office 365. For example, if I am uploading a document with PI data, MCAS should scan and make sure that the right classification is applied. When the right classification is applied, the document gets encrypted, and relevant information protection is applied. If the right classification is not applied, the users are alerted to make sure that they go and remediate the document, task, file, etc.

This is how we started with this solution last year. Going forward, as a strategic solution, we are also looking at using MCAS to govern the Office environment. We have started onboarding solutions like Microsoft Teams, SharePoint Online, OneDrive, and Exchange Online.

Our setup is a mixture of on-premises and cloud solutions. At this point in time, the major cloud providers are AWS and Azure, and we also have on-premises products such as Symantec DLP, Doc Scan, etc.

Jagadeesh Gunasekaran - PeerSpot reviewer
Cyber security engineer at a tech services company with 10,001+ employees

We were looking for protection for cloud applications, specifically for the SharePoint directory. One of the use cases is to monitor employees who are leaving the organization in the next month. We do this by placing them in a separate Active Directory container and monitoring their activity. 

For example, we would monitor if they download a large number of files from cloud applications, delete something, or engage in other abnormal activities. This is one use case for Microsoft Defender for Cloud Apps.

EW
Security Principal at Trifecta Cloud Security Solutions

We use Defender for governance, discovery, and application awareness. It's also useful for detecting shadow IT and anomalous user behavior. 

Buyer's Guide
Microsoft Defender for Cloud Apps
March 2024
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Sachin Vinay - PeerSpot reviewer
Network Administrator at Amrita

We primarily use Microsoft Defender for Cloud to secure and provide controlled access to our applications. We have a few hosted applications in the cloud, including some of our critical applications. We need a solid firewall and security setup in the cloud to protect all those applications. Microsoft Defender for Cloud serves this purpose because it provides efficient security for our cloud applications. Its controlled auditing and other filtering setups also offer uninterrupted access to users. 

We use Defender for Identity and Defender for Cloud. Integrating the two is entirely straightforward. Once we deploy Azure or any other Microsoft services, the integration between each product is released. You can integrate Defender for Cloud and identity management with a click. Both are security features that have to work. If we get a similar log issue from Defender for Cloud, this log is automatically passed to Identity to check if there is any mismatch or identity-based concerns. It'll correlate the logs and easily identify the issues.

These solutions work together natively, each addressing a different security dimension. We prefer this identity-based solution focusing on user identity security, whereas Microsoft Defender for Cloud App concentrates on applications. Application security is the priority in this. Application security also requires identity management because users will be accessing applications based on identity rules. If the identity policies are met, it will easily access these applications hosted in the Cloud. Microsoft Defender Cloud has separate policies to maintain specific access for users based on their privileges, so it is all correlated.

It should work in correlation because we are not using a third-party product for all this security. We expect a solid correlation because everything is the legacy software of Microsoft. We are using multiple Microsoft products with Azure, including OneNote, OneCloud, etc., and every product requires security in each layer. We have numerous layers of protection in Microsoft. Each layer must be correctly oriented and governed by a set of policies so that each level satisfies the user policies and each policy forwards to the next level. So in that way, Microsoft has a different level of setups, and this Microsoft Defender for Cloud is one that last setup.

Our cloud strategy will change as we move more applications to the cloud, and all require security. As we migrate more into the cloud, our security becomes more complex. Once we have applications deployed in the cloud, it is better to have a single vendor for all the security solutions because Microsoft has a solution for each aspect of the application setup. Microsoft provides enough security features that we don't require any third-party applications. Each layer has to complement another layer. Because it is a one-vendor Microsoft solution, it's easy for us to identify and troubleshoot issues. I prefer a single solution rather than a multi-vendor solution.

Paarth Saarthi - PeerSpot reviewer
Security Delivery Analyst at a tech services company with 10,001+ employees

We have several use cases including file monitoring, unusual travel activities, user investigation, and activity. It pretty much covers every activity based on the cloud.

Anthony Alvarico - PeerSpot reviewer
Deliver Practice Director at DynTek

One thing our clients want to know is what cloud applications their users are using. When you enable Cloud App Security, you can sweep up all the applications that the endpoint is using, such as Dropbox, Box, or OneDrive. 

At Microsoft they use OneDrive and would probably want to restrict it to just that, unless there was a compelling reason to use a third-party application. With Cloud App Security, you can find all the users who are using Dropbox, for example, and then you can sanction those applications and prevent users from using them.

We also use that for alerting and creating policies for notifications and alerts.

Waseem Alchaar - PeerSpot reviewer
Security architect at an energy/utilities company with 10,001+ employees

We use the product mainly to manage the accounts for Single-Sign-On purposes.

Sunil V Jainapur - PeerSpot reviewer
Associate Architect at Virtusa Global

We primarily use Defender for Cloud Apps to authenticate users of our cloud applications. Defender validates the identity and allows the user to access the application. 

SB
Infrastructure Engineer at SBITSC

Mainly, companies use it for end-user compute devices. 

SC
Manager Information Security at a venture capital & private equity firm with 11-50 employees

We utilize Microsoft Defender for Cloud Apps in conjunction with Defender for Endpoint. This enables the Cloud App to effectively block unauthorized websites for users. Additionally, it allows us to prevent users from accessing malicious sites, and we can restrict user access based on their device compliance status.

II
COO at Floating-Dot Technology LTD

We help develop and mostly support applications for clients. It creates reports for clients. It works with Microsoft SQL Server and can tell clients if they need some governance standards for user security profiles. For example, if they are using Linux VM, then there are some security updates that come up. If they haven't been updated, they get a prompt telling them, "Look at this CSV security vulnerability. It should be updated as this part of your application."

We have our main office in Lagos with other offices in the UK and America. Due to COVID, we are mostly working remotely and having meetings online. There are 55 endpoints.

BG
CTO at a tech services company with 201-500 employees

We have multiple virtual machines that we utilize in the cloud space with different applications on them. We utilize Microsoft Defender for Cloud Apps to monitor those individual application VMs as well as, along with Sentinel, our entire Azure ecostructure.

David Frerie - PeerSpot reviewer
Head of IT & Database Management at an educational organization with 51-200 employees

We use it to protect our users' devices against attacks. 

PL
SOC Analyst at a consultancy with 10,001+ employees

We use it for security alerts for any possible trouble for users. 

In terms of deployment, we have on-prem servers for now for one of the customers. We also have several customers on the Azure cloud.

Adedapo Adeniji - PeerSpot reviewer
Modern Workplace Solution Architect at a tech consulting company with 11-50 employees

We use it for security and compliance. We use it for alert policies on activities happening on some of our on-premises and cloud applications. We also use it to restrict some users from downloading files from OneDrive or from some of the applications that we have. In addition, we integrate it with the Azure Active Directory Conditional Access policy.

Sujeet Bhardwaj - PeerSpot reviewer
Principal Security Engineer at a tech services company with 5,001-10,000 employees

I used to deploy it in the customer's environment and set the requirements. It's used for blocking downloads, for example, and is a security feature for data centers.

MM
Software Security Specialist at a tech vendor with 51-200 employees

We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.

SS
Support Engineer at Microsoft

We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services.

It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.

JS
Senior Solutions Engineer at a tech vendor with 1,001-5,000 employees

The solution is primarily used for cloud visibility and getting a better understanding of what the data footprint is, including what kinds of files are exposed, and getting our heads around compliance. It's a component that adds DLP. Presently, there are two separate DLP policies between Microsoft's traditional DLP and the MCA DLP. 

SG
Senior Cloud & Security Consultant at a tech services company with 11-50 employees

If there's any data that is taken out from their corporate applications, on their managed devices, and being taken out and stored somewhere else, on an application that is not managed, they don't have visibility on that.

Therefore, with Cloud App Security, the main use case is to identify information about applications that are way beyond their boundaries and to understand what people are accessing them as well as if those applications are safe or not. It's a Shadow IT discovery solution.

Apart from that, it's a solution used to protect corporate data from being taken out of those applications and being shared externally with people who are not meant to have those documents or data. It's a solution designed to prevent exfiltration and data filtration of corporate data from those applications to unknown people that may happen without proper visibility.

Basically, it's used for two purposes: providing control of the data that is in cloud applications, and shadow IT discovery. That's the major purpose of Cloud App Security.

HH
IT Planning Manager at a construction company with 5,001-10,000 employees

They were testing Microsoft Defender and performing some checks with Microsoft Defender. On the Microsoft side of the same security cloud app, I believe.

We have a complete portfolio of election solutions. These election solutions, in general, require a high level of security. There are preparations to have within them, such as cloud apps or websites, or even an off-premise or on-premise type of solution. As a result, we must have both types of services and products in order to secure them. For example, we used the Microsoft denial-of-service attack. It's a software subscription service from Asia that you get for a set period of time.

If you are running a live elections operation, you should seriously consider using such a service from them because it is extremely reliable. It essentially protects your entire environment. So you wouldn't be too concerned about someone hacking into your environment or anything because you need to have results that you should be publishing. That is when having a security system becomes extremely important for you. That's on the app side of things, then, on the web, we publish these results. You must also have a system that will never fail due to an attack. That's also one of the things we usually think about when we have an election operation going on.

MM
Cloud Security Architect at a tech services company with 501-1,000 employees

We are a consulting firm and we configure this service for our clients.

Our clients use it for Shadow IT systems and processes. It is used specifically for cloud services, such as services that reside in Microsoft Azure.

JR
Business System Analyst at a tech company with 201-500 employees

Our primary reason for implementing this product is to deal with spam email.

SJ
Cyber Security Engineer at a tech services company with 10,001+ employees

It's used for data governance and security. It's a cloud security tool providing very good discovery around whatever is happening in your organization, such as what users are doing on the internet and how data is flowing out of your organization. It is then used to put controls around what information can go out, who downloads what, and how much they can download. It helps put controls around these types of things to create secure collaboration between your organization and its partners, customers, and vendors.

It's a SaaS platform. It's not like hardware or software where you install new updates or new versions. It's controlled by Microsoft in the backend.

it_user1318380 - PeerSpot reviewer
Director Global Strategic Alliances at Larsen & Toubro Infotech Ltd.

We are a solution provider and this is one of the products that we implement for our customers.

Our customers have applications that are running across different clouds or on different platforms. Microsoft Cloud App Security brings them together onto the same platform from a security standpoint. The application can run seamlessly across different clouds, which helps.

GB
Enterprise System Engineer at a government with 501-1,000 employees

The use case is for getting visibility over cloud applications that our users are consuming, how they consume it, and using the protection which comes with Cloud App Security with that visibility. It provides monitoring and visibility into cloud apps that our users are using and has a layer of security wrapped around that. It identifies malicious activity, if it's occurring, and provides overall protection of our company data from things like data exfiltration and all the other integrations that it has with other Microsoft security products.

It is protecting approximately 800 users. We have four other sources feeding into it from other products that we use. We have several thousand applications for which we get reports and visibility.

It is one of our core tools for monitoring and managing our security posture. In the future, I don't see that changing much. At this stage, I think we are at a good level of how we are using it.

KZ
Information Technology Manager at an educational organization with 201-500 employees

We have an educational institution and we are using this solution to personally teach our students these applications.

BD
Sr. Technical Engineer/ Sr. Executive at PSR

We use it to protect our organization's data. It has the ability to create and can copy-paste for the end-user. You can take a screenshot from your mobile devices and download some confidential things. After creating the policy you can be assured that a user's data is being protected.

We give devices access within a particular device that the user is accessing. We are also certain that there is no chance of scamming or that an email account can be hacked.

We also create a password policy. Whenever the end-user wants to download anything or wants to access anything there has to be some security. It secures the customer's data in their organization. 

DW
Cloud Services Director at a tech services company with 11-50 employees

We are using Microsoft Defender for Cloud Apps for different purposes and one of them is for ensuring there is no shadow IT.
