You dont have javascript enabled! Please enable it! What Is Microsoft Defender For Cloud Apps? All You Should Know - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity

What is Microsoft Defender for Cloud Apps? All You Should Know

6 Min. Read

Microsoft Defender for Cloud Apps is the new name for the app known as Microsoft Cloud App Security. This formerly stand-alone app is now part of Microsoft 365 Defender, which allows administrators to manage all of their security through one portal.

Defender for Cloud Apps is designed to complement your existing Microsoft cloud app security solutions and can be deployed in minutes without any code changes or application restarts.

Continue reading to find out more about Microsoft Defender for Cloud Apps to keep your entire network safe from cyber threats.

What is Microsoft Defender for Cloud Apps?

Microsoft Defender for Cloud Apps is a service that provides advanced threat protection for your cloud applications. It uses machine learning and artificial intelligence to detect and block malicious activity and provides you with real-time insights into threats targeting your applications.

Introducing Microsoft Defender for Cloud Apps
Introducing Microsoft Defender for Cloud Apps [ Image Credit Microsoft ]
Here are some of the key features of Microsoft Defender for Cloud Apps:

  • Machine learning and artificial intelligence: Microsoft Defender for Cloud Apps uses these technologies to detect and block threats in real-time.
  • Suspicious activity monitoring: This feature gives you visibility into suspicious activity so you can take action to protect your data.
  • Threat prevention: Microsoft Defender for Cloud Apps helps prevent malware attacks and data breaches by blocking known and unknown threats.
  • Easy to use: The tool is easy to set up and use, so you can get started quickly and without hassle.

Defender for Cloud Apps is known for its quick, user-friendly deployment modes. The app can collect data from logs, API connectors, and reverse proxy.

The Microsoft Defender for Cloud app is managed through a single dashboard and boasts state-of-the-art automation.

What is a Cloud Access Security Broker CASB?

CASB is an acronym for Cloud Access Security Broker. A CASB such as Microsoft Defender for Cloud Apps has many capabilities, including the provision of rich overviews, data control management, and advanced analytics.

Microsoft Defender for Cloud Apps is a CASB that protects all of your Microsoft and third-party services by identifying and vanquishing cyber threats.

To understand what the Defender for Cloud Apps can do for your network and device security, it is important to understand its role as a Cloud Access Security Broker (CASB).

A security broker acts as the gatekeeper between supporting and denying access to those who have access to critical data stored on your cloud. The broker also enables your approved enterprise users to access your data, both in real-time and on the cloud.

CASBS, such as the Defender For Cloud App, detect all overt and covert activity on your network, looking for unusual behaviors, controlling access to your resources, and preventing the leakage of sensitive data with coverage extending across SaaS, PaaS, and LaaS.

Defender for Cloud Apps integrates securely with many systems including CCP, CRM, and HR systems, as well as API use of popular cloud service providers.

Other features include:

  • Monitoring user activities for anomalous behavior
  • Regulating access to your resources
  • Preventing password leaks
  • Evaluating the compliance of cloud services

How CASB Protects Systems and Data

CASBs, such as the Defender for Cloud app, protect your confidential data from malicious actors in a variety of ways.

Let’s discuss each one in more detail.

Risk Ranking

Defender for Cloud Apps identifies all users and third-party apps that can log into your cloud.

It then measures the risk of each user in terms of their risk to your enterprise and blocks any malicious actors.

Data Secure Access

The Defender for Cloud security app knows how to identify and when to allow certain users conditional access to sensitive information.

The app practices data loss prevention (DLP) by immediately securing it upon the detection of malicious actors.

Threat Protection

Adaptive access control (AAC) is a crucial part of the Cloud app’s threat protection, noting suspicious behaviors and limiting access to malware and hackers immediately.

User Entity and Behavior Analysis (UEBA) is used to detect any erratic log-ins, floods of permission requests, and other indications of malicious actors.


Microsoft Defender for Cloud Apps can help you assess the risk and compliance of any discovered cloud app or service against more than 70 risk factors, including general security — for example, whether the app captures an admin audit trail—regulatory compliance such as ISO 27018 and legal factors including GDPR.

These allow your IT team to make informed decisions about which apps should be supported in the organization, and which require additional governance or need to be blocked entirely.

Microsoft Defender supplies dashboards that allow you to pull reports proving that data is preserved, protected, and intact.

How does it Work?

Microsoft Defender for Cloud Apps uses Microsoft’s advanced threat protection technologies to scan emails and attachments for malicious content, and then takes action to block or remove the threat. Defender for Cloud Apps also provides real-time monitoring and reporting of suspicious activity, so you can quickly identify and respond to threats.

Defender for Cloud Apps lifecycle management strategy
Defender for Cloud Apps lifecycle management strategy [ Image Credit Microsoft ]
Its framework works in the following manner:

Monitoring the use of Shadow IT: This helps you identify all the PaaS services, IaaS, and cloud apps that are being used. It actively explores patterns of use and assesses the business readiness of 25,000+ SaaS apps against 80+ risk types.

Protecting sensitive data in the cloud: Upon activation, Microsoft Defender for Cloud enables password protection across all platforms and keeps sensitive information hidden.

Check cloud compliance of apps: This determines whether your cloud applications are in accordance with all applicable norms and regulations or not. It also stops data from getting leaked to non-compliant applications.

Safeguard against cyber threats: Automatically analyzes high-risk activity and tasks corrective action in the event of compromised users or rogue programs.

Common Use Cases

Here are the top use cases of Microsoft Defender for Cloud Apps:

  • Detecting suspicious activity
  • Protecting apps in your organization in real-time
  • Enhancing cloud platform security
  • Extend governance to endpoint remediation
  • Download or block sensitive information

Defender For Cloud Apps Architecture

Integrations with other enterprise solutions are important for the effective and sustainable management of the CASB solution and the organization’s processes and workflows.

Defender for cloud apps uses Cloud Discover to map your entire cloud environment and assess all of the cloud apps that are used by your enterprise.

Microsoft Defender For Cloud Apps Architecture
Microsoft Defender For Cloud Apps Architecture

Non-governable apps are sanctioned and you are granted complete visibility and governance of ones that comply with Cloud Defender security.

Cloud App defender allows you to always be in control over all access and activities within your cloud apps, and you have the authority to fine-tune your own policies and settings.

Cloud Discovery

Cloud discovery is an app utilized by Cloud Defender to analyze how your apps are performing and then create a report of your organization’s cloud use.

You can set up Cloud app security to send you continuous reports via Cloud Discovery log collectors, so you can always monitor your logs.

Sanctioning Apps

Defender for Cloud Apps utilizes a Cloud App catalog to rank and score over 25,000 cloud apps. Each has over 89 risk factors that might affect your cloud security.

Each app is scored and weighted and then your enterprise is assessed for security based on industry standards, regulatory certifications, and best practices.

App Connectors

The Defender for endpoint cloud connectors allows you to procure information directly from any cloud app that you are part of without risking the network.

Cloud Defender app security is able to query third-party apps to scan data, accounts, and content.

Set Rules With Conditional App Control

Microsoft Defender for Cloud Apps Conditional Access app control allows you to set encryption rules, block data visibility, and visibility into unprotected endpoints.

You can also set your own policy template to define your user’s control.

Getting Started

Once you have a license for Defender for Cloud Apps, Microsoft sends you an email with activation info and a link to access the Cloud Apps portal.

Defender four Cloud Apps needs you to either be a global or security administrator in order to set it up. You can use the latest version of Microsoft Edge, Internet Explorer 11, Google Chrome, Mozilla Firefox, or Apple Safari to access the Apps Portal.

To access the Defender for Cloud Apps portal, navigate to:

1) Microsoft 365 admin center > Side menu > Show all > Security
2) Tap on ‘More resources’ and then select Defender for Cloud Apps
3) From this panel, you can do things like set up cloud discovery, protect sensitive information, personalize your experience, organize data, and control cloud apps with policies.


Moving to the cloud requires a dedicated approach to security. As you enable employees to work from virtually anywhere and from any device of their choice, your organizational access perimeters and boundaries will change. It’s important that your new security controls need to adapt to this dynamic environment and be able to quickly respond to the constantly evolving threat landscape.

Microsoft Cloud Defender for Cloud Apps provides users of all levels of state-of-the-art protection against all malicious actors, cyber threats, and surveillance across your entire system’s network, without compromising your control and authority.

It is one of the most popular, comprehensive, and efficient apps meant for cybersecurity professionals.

> Read more: Top 20 use cases for Microsoft Defender for Cloud Apps (CASB).

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author:
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect with 21+ years of IT experience. As a Swiss Certified Information Security Manager (ISM), CCSP, CISM, Microsoft MVP, and MCT, he excels in optimizing mission-critical enterprise systems. His extensive practical knowledge spans complex system design, network architecture, business continuity, and cloud security, establishing him as an authoritative and trustworthy expert in the field. Charbel frequently writes about Cloud, Cybersecurity, and IT Certifications.

A Comparison Guide | Microsoft Sentinel VS Splunk > Security

Backup and Restore Microsoft Sentinel Watchlists – Step-by-Step Guide


Let us know what you think, or ask a question...