Microsoft Defender for Cloud Apps can be used to protect Microsoft 365 tenants in several ways against a world of ubiquitous cyber threats, according to VM, M365, Windows and MSP backup specialist Altaro.
In Altaro‘s regularly updated dojo of guides and tips online, Paul Schnackenburg noted that there would be no going back to the days of heavy reliance on good firewall systems with content filtering and malware inspection — even though threats are everywhere.
“When your VPN went from 10% of the workforce using it to 100% at the start of 2020, how was the user experience? And even if that was mitigated, how’s their experience when they’re using Teams or Zoom?” he wrote.
Many users will continue to work remotely at least some of the time. In addition, many of the applications and services they need aren’t on-prem any more. Often, they’re cloud services accessible from any device with an internet connection, Schnackenburg said.
Today, customers’ files can be backed up on their Windows-based endpoints, such as desktops and laptops, and managed through a multi-tenant console on a monthly subscription.
“That the world of IT is changing is an understatement, and that it’s changing quicker than it used to is common knowledge,” Schnackenburg said.
Newer approaches will look at using Cloud Access Security Brokers (CASBs), including Microsoft’s Defender for Cloud Apps (MDCA), formerly known as Microsoft Cloud App Security (MCAS).
It’s about tackling issues such as shadow IT, as opposed to Microsoft Defender for Cloud — formerly Azure Defender — which is about protecting workloads in Azure, AWS and Google Cloud Platform (GCP), Schnackenburg wrote.
“You can continuously upload logs from your on-premises firewalls and proxy servers, you can integrate directly with a set of cloud services that have API connections and you can use Microsoft Defender for Endpoint as an agent for MDCA,” he noted. “And the number of cloud services that can be integrated into MDCA is increasing.”
At the time of writing, 20 cloud services — including popular choices like Slack, Salesforce and ServiceNow — can be integrated. There are also multiple choices of supported firewall or proxy, he said.
“Once you have data flowing into Defender for Cloud Apps through any of the methods above, you’ll start getting Cloud Discovery reports. This will tell you what service categories are most used, which apps are most used by your users and if there’s the usage of high/medium and low-risk apps,” he said.