Basic set up
The following procedure gives you instructions for customizing the Cloud App Security portal.
For portal access it is necessary to add the following IP addresses to your Firewall's whitelist to provide access for the Cloud App Security portal:
To get updates when URLs and IP addresses are changed, subscribe to the RSS as explained in: Office 365 URLs and IP address ranges.
Set up the portal
In the Cloud App Security portal, in the menu bar, click the settings icon and select General settings to configure the following:
Under Organization details, it is important that you provide an Organization display name for your organization. It will be displayed on emails and web pages sent from the system.
Provide an Environment name (tenant). This is especially important if you manage multiple tenants.
It is also possible to provide a Logo that will be displayed in email notifications sent from the system and on web pages sent from the system. The logo should be a png file with a maximum size of 150 x 50 pixels on a transparent background.
Make sure you add a list of your Managed domains. This is a crucial step because Cloud App Security uses the managed domains to determine which users are internal, which are external, and where files should and shouldn't be shared. This is used for reports as well as alerts.
- Users in domains that are not configured as internal will be marked as external and will not be scanned for activities or files.
If you are integrating with Azure Information Protection integration, see Azure Information Protection Integration for information.
If at any point you want to back up your portal settings, this screen enables you to do that. Click Export portal settings to create a json file of all your portal settings, including policy rules, user groups and IP address ranges.
If you use ExpressRoute, Cloud App Security is deployed in Azure and fully integrated with ExpressRoute. All interactions with the Cloud App Security apps and traffic sent to Cloud App Security, including upload of discovery logs, is routed via ExpressRoute public peering for improved latency, performance and security. There are no configuration steps required from the customer side.
For more information about Public Peering, see ExpressRoute circuits and routing domains.