Use the Cloud Discovery dashboard

A typical organization's IT support staff anticipates that their users will use around 30 to 40 apps throughout the organization. The reality is often different, with hundreds of apps, perhaps many more, being used. It's difficult to imagine how IT staff can easily manage apps they know nothing about or, worse, control the possible security threats posed by those unknown apps.

Note

Around 80% of employees in a typical organization use unsanctioned apps. These apps might not meet compliance or security standards of your organization.

What is Cloud App Discovery?

You can use Cloud Discovery in Microsoft Defender for Cloud Apps to learn about the apps being used in your organization. Discovering Shadow IT shows you which apps are being used, and whether they pose a risk.

When planning to implement Shadow IT Cloud Discovery, there are three key phases to consider. These phases are displayed in the following diagram.

A diagram displays the lifecycle of Shadow IT Cloud Discovery. The phases displayed are discussed in the following text.

The following table describes these three key phases, which represent a continual process.

| Phase | Description |
|---|---|
| Discover and identify | Run Cloud Discovery to identify your organization's security posture. The first part of this phase is to discover what apps are being used. The second part identifies the risk levels of the discovered apps. |
| Evaluate and analyze | During this phase, you must evaluate compliance and verify whether discovered apps are certified as compliant with your organization's standards. You must also determine app usage. Rarely used noncompliant apps can perhaps easily be blocked. The third part of this phase is to consider alternatives to any detected unsafe or noncompliant apps. |
| Manage and monitor | In the third phase, you must manage discovered cloud apps. This is an ongoing process within an organization, and usually involves classifying apps according to business status or justification for use. You typically use tags during this process. |
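The evaluate-and-tag reasoning from the table can be sketched in code. This is an added example, not part of the original module or of Defender for Cloud Apps itself; the record layout, app names, tag names, and "rarely used" thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (app, user, events, risk_score 0-10, compliant).
# App names, field layout and values are assumptions for illustration.
SAMPLE = [
    ("FileDropper", "alice", 3, 3, False),
    ("QuickShare", "alice", 120, 4, False),
    ("QuickShare", "bob", 300, 4, False),
    ("QuickShare", "carol", 80, 4, False),
    ("TeamNotes", "bob", 500, 9, True),
    ("TeamNotes", "carol", 200, 9, True),
    ("PdfMergeOnline", "dave", 60, 2, False),
]

# Assumed thresholds for "rarely used"; tune them to your organization.
RARE_MAX_USERS = 2
RARE_MAX_EVENTS = 50

def triage(records):
    """Aggregate usage per app and assign one management tag to each."""
    apps = defaultdict(lambda: {"users": set(), "events": 0})
    for app, user, events, score, compliant in records:
        entry = apps[app]
        entry["users"].add(user)
        entry["events"] += events
        entry["score"] = score
        entry["compliant"] = compliant
    report = []
    for name, e in apps.items():
        rare = (len(e["users"]) <= RARE_MAX_USERS
                and e["events"] <= RARE_MAX_EVENTS)
        if e["compliant"]:
            tag = "monitor"            # compliant: routine monitoring only
        elif rare:
            tag = "block-candidate"    # noncompliant and rarely used
        else:
            tag = "find-alternative"   # noncompliant but actively relied on
        report.append({"app": name, "tag": tag, "users": len(e["users"]),
                       "events": e["events"], "score": e["score"]})
    # Lowest score (highest risk) first, so reviewers start there.
    return sorted(report, key=lambda r: (r["score"], r["app"]))

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

PdfMergeOnline has a single user but exceeds the event threshold, so it lands in `find-alternative` rather than `block-candidate`: blocking it outright would disrupt someone who depends on it.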

These three phases represent a continuous process within your organization. You must also consider two additional phases:

  • Reporting. Use Defender for Cloud Apps options to get insights into your organization's app usage.

    Tip

    You can integrate Cloud Discovery logs into Microsoft Sentinel for further investigation and analysis.

  • Controlling. Use app control via APIs or by using Conditional Access App Control, discussed later in this module.

Use the Cloud Discovery dashboard

Your primary means for managing app discovery is the Cloud Discovery dashboard. To access the Cloud Discovery dashboard, use the following procedure:

  1. Navigate to the Defender for Cloud Apps portal.
  2. Sign in as a Global Admin.
  3. In the navigation pane, select Discover and then select Cloud Discovery dashboard.

In the following screenshot of the Cloud Discovery Dashboard, you can review the following information:

  • What kinds of apps are being used

  • Open alerts

  • Risk levels of apps in your organization

  • Top app users

  • App Headquarter location map

A screenshot of the Cloud Discovery Dashboard page of the Microsoft Defender for Cloud Apps portal.

Use this at-a-glance overview to review the overall cloud app usage in your organization. Then you can:

  • Review the top app categories used in your organization for each of the different use parameters.
  • Determine how much of this usage is by Sanctioned apps.
  • Investigate the apps in each specific category by using the Discovered apps tab.
  • Select the IP addresses tab to review the top users and source IP addresses.
  • Use the App Headquarters map to determine how the discovered apps are spread by geographic location.
  • Review the risk score of the discovered apps in the App risk overview.
  • Review discovery alerts status to check how many open alerts should be investigated.

Use the Cloud App Discovery feature

The following video demonstrates how to use the Cloud App Discovery feature: