
Microsoft Defender for Cloud Apps

30 mins

Understanding the Concept

Microsoft Defender for Cloud Apps (MDCA) is a Cloud Access Security Broker (CASB) that provides visibility, control, and threat protection for cloud applications. It discovers shadow IT (unapproved cloud apps), monitors user activity, and enforces data protection policies.

Cloud discovery analyzes traffic logs to identify cloud app usage, risk scores, and compliance status. Connected apps provide deeper integration with popular SaaS apps for activity monitoring, file scanning, and policy enforcement.
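As an added illustration of what cloud discovery does with traffic logs (this is not Defender for Cloud Apps code or its log format), the sketch below aggregates constructed proxy log lines per app and lists the unsanctioned ones by upload volume. The log layout, the catalogue, its risk scale, and all host names are assumptions made for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit
# Constructed sample proxy log: timestamp user method url bytes_uploaded
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice POST https://contoso.sharepoint.com/sites/hr/upload 52000
2024-05-01T09:02:10Z bob POST https://files.example-share.test/api/upload 48000000
2024-05-01T09:03:44Z carol POST https://files.example-share.test/api/upload 1200000
2024-05-01T09:05:00Z alice GET https://notes.example-notes.test/app 0
corrupted-entry
"""

# Hypothetical catalogue: domain -> (app name, sanctioned, risk 1-10, higher = riskier)
CATALOG = {
    "sharepoint.com": ("SharePoint Online", True, 2),
    "example-share.test": ("ExampleShare", False, 8),
}

def classify(host, catalog):
    # Match on a label boundary so "notsharepoint.com" is not treated as SharePoint.
    for domain, entry in catalog.items():
        if host == domain or host.endswith("." + domain):
            return entry
    return (f"unknown:{host}", False, None)  # not in catalogue: unsanctioned, unscored

def discover(log_text, catalog=CATALOG):
    apps = defaultdict(lambda: {"users": set(), "requests": 0, "upload_bytes": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        host = (urlsplit(parts[3]).hostname or "").lower() if len(parts) == 5 else ""
        if not host or not parts[4].isdigit():
            skipped += 1  # count unparseable lines instead of silently dropping them
            continue
        name, sanctioned, risk = classify(host, catalog)
        rec = apps[name]
        rec["users"].add(parts[1])
        rec["requests"] += 1
        rec["upload_bytes"] += int(parts[4])
        rec["sanctioned"], rec["risk"] = sanctioned, risk
    return dict(apps), skipped

def shadow_it(apps):
    # Unsanctioned apps, largest upload volume first.
    names = [n for n, r in apps.items() if not r["sanctioned"]]
    return sorted(names, key=lambda n: -apps[n]["upload_bytes"])

if __name__ == "__main__":
    apps, skipped = discover(SAMPLE_LOG)
    print(shadow_it(apps), "skipped:", skipped)
```

Hosts missing from the catalogue are reported as `unknown:<host>` rather than dropped, since uncatalogued apps are exactly what a discovery review needs to surface.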

Access and session policies in MDCA work with Conditional Access App Control to provide real-time monitoring and control. They can block downloads, prevent copy/paste, watermark documents, and require step-up authentication for sensitive operations.

Key Points

  • Cloud discovery: Identify shadow IT and unapproved cloud app usage
  • Connected apps: Deep integration with M365, Salesforce, Box, etc.
  • Access policies: Control who can access cloud apps and from where
  • Session policies: Real-time monitoring and control of in-app actions
  • OAuth app policies: Monitor and control third-party OAuth app permissions

Defender for Cloud Apps Architecture

  • Step 1 (Discovery): Analyze traffic to find all cloud apps in use
  • Step 2 (Connect Apps): API connectors for deep visibility into SaaS apps
  • Step 3 (Policies): Create access, session, and activity policies
  • Step 4 (Real-Time Control): Conditional Access App Control for session monitoring
  • Step 5 (OAuth Governance): Monitor and control third-party app permissions

Why This Matters in Real Organizations

Most organizations have significant shadow IT: employees use hundreds of cloud apps without IT's knowledge. MDCA provides visibility into this usage, enables risk assessment, and extends security policies to all cloud applications, not just those integrated with Entra ID.

Common Mistakes to Avoid

  • Deploying MDCA without reviewing cloud discovery results first
  • Not connecting key SaaS apps for deeper monitoring
  • Creating session policies that block too many legitimate user actions
  • Ignoring OAuth app governance and third-party permissions

Interview Tips

  • Explain shadow IT discovery and its security implications
  • Discuss session policy use cases for data protection
  • Mention OAuth app governance for third-party risk management

Exam Tips (SC-300)

  • Know MDCA components: discovery, connected apps, policies
  • Understand access vs session policies
  • Know how MDCA integrates with Conditional Access App Control
