Cloud Discovery API

Note

  • We've renamed Microsoft Cloud App Security. It's now called Microsoft Defender for Cloud Apps. In the coming weeks, we'll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

  • Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

Cloud Discovery APIs allow developers to automate log uploads, list and interact with discovered apps, and generate block scripts for enforcement by a firewall or a Security Web Gateway.

Automate log uploads

Cloud Discovery APIs for automating log uploads enable you to upload files generated by your firewall or Security Web Gateway to find Shadow IT in your cloud environment and list discovered cloud apps.

Use the Cloud Discovery API to automate the uploading of your company's discovery log files. The file upload process consists of the following 3 API endpoints, which must be called consecutively.

List continuous reports and categories

As part of its Cloud Discovery solution, Defender for Cloud Apps uses continuous reports. These reports represent an automatic log upload from a specific data source (such as your Microsoft Defender for Endpoint devices). Each continuous report contains the following:

  • Discovered apps: All apps found in the specified continuous report
  • Categories: All app categories associated with the specified continuous report

You can use the following API endpoints to work with continuous reports.

Blocking unsanctioned applications using a firewall or Security Web Gateway

Defender for Cloud Apps enables you to block access to unsanctioned apps by using your existing on-premises security appliances. Use the Generate block script call to get a dedicated block script and import it to your appliance.

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.