Activity privacy

Note

We've renamed Microsoft Cloud App Security. It's now called Microsoft Defender for Cloud Apps. In the coming weeks, we'll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

Microsoft Defender for Cloud Apps lets enterprises determine, at a granular level, which users to monitor based on group membership. Activity privacy adds the ability to follow your organization's compliance regulations without compromising user privacy: you continue to monitor users, but their activities are hidden in the activity log. Only authorized admins can choose to view these private activities, and each instance is audited in the governance log.

Configure activity privacy user groups

You may have users in Defender for Cloud Apps that you want to monitor but, due to compliance regulations, you need to limit the people who can do so. Activity privacy allows you to define a user group for which the activities will be hidden by default.

To configure your user privacy groups, you must first import user groups to Defender for Cloud Apps. By default, you'll see the following groups:

  • Application user group - A built-in group that enables you to see activities performed by Office 365 and Azure AD applications.

  • External users group - All users who aren't members of any of the managed domains you configured for your organization.

  1. In the menu bar, click the settings cog and select Scoped deployment and privacy.


  2. To set specific groups to be monitored by Defender for Cloud Apps, in the Activity privacy tab, click the plus icon.

  3. In the Add user groups dialog, under Select user groups, select all the groups you want to make private in Defender for Cloud Apps, and then click Add.


    Note

    Once a user group is added, all the activities performed by users of the group will be made private from then on. Existing activities are not affected.

Assign admins permission to view private activities

  1. In the menu bar, click the settings cog and select Manage admin access.


  2. To give specific admins permission to view private activities, in the Activity privacy permissions tab, click the plus icon.

  3. In the Add admin permission dialog, enter the admin's UPN or email address, and then click Add permission.


    Note

    Only admins can be assigned permission to view private activities.

Viewing private activities

Once an admin has been granted permission to view private activities, they can choose to show these activities in the activity log.

To view private activities

  1. In the Activity log page, to the right of the activity table, click the settings icon, and then select Show private activities.


  2. In the Show private activities dialog, click OK to confirm that you understand that the action is being audited. Once confirmed, the private activities are shown in the activity log and the action is recorded in the governance log.

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.