Basic setup for Cloud App Security

Applies to: Microsoft Cloud App Security

The following procedure gives you instructions for customizing the Microsoft Cloud App Security portal.

Prerequisites

For portal access, it's necessary to add the following IP addresses to your Firewall's allow list to provide access for the Cloud App Security portal:

  • 104.42.231.28

For US Government GCC High customers, it's also necessary to add the following IP addresses to your Firewall’s allow list to provide access for the Cloud App Security GCC High portal:

  • 52.227.143.223
  • 13.72.19.4

Note

To get updates when URLs and IP addresses are changed, subscribe to the RSS as explained in: Office 365 URLs and IP address ranges.

Set up the portal

  1. In the Cloud App Security portal, in the menu bar, click the settings cog settings icon and select Settings to configure your organization's details.

  2. Under Organization details, it's important that you provide an Organization display name for your organization. It's displayed on emails and web pages sent from the system.

  3. Provide an Environment name (tenant). This information is especially important if you manage more than one tenant.

  4. It's also possible to provide a Logo that is displayed in email notifications and web pages sent from the system. The logo should be a png file with a maximum size of 150 x 50 pixels on a transparent background.

  5. Make sure you add a list of your Managed domains. Adding managed domains is a crucial step. Cloud App Security uses the managed domains to determine which users are internal, external, and where files should and shouldn't be shared. This information is used for reports and alerts.

    • Users in domains that aren't configured as internal are marked as external. External users aren't scanned for activities or files.
  6. Under Auto sign out, specify the amount of time a session can remain inactive before the session is automatically signed out.

  7. If you're integrating with Azure Information Protection integration, see Azure Information Protection Integration for information.

  8. If you're integrating with Azure Advanced Threat Protection integration, see Azure Advanced Threat Protection Integration for information.

  9. If at any point you want to back up your portal settings, this screen enables you to do that. Click Export portal settings to create a json file of all your portal settings, including policy rules, user groups, and IP address ranges.

Note

If you use ExpressRoute, Cloud App Security is deployed in Azure and fully integrated with ExpressRoute. All interactions with the Cloud App Security apps and traffic sent to Cloud App Security, including upload of discovery logs, is routed via ExpressRoute public peering for improved latency, performance, and security. There are no configuration steps required from the customer side.

For more information about Public Peering, see ExpressRoute circuits and routing domains.

Next steps

Set up Cloud Discovery

Premier customers can also create a new support request directly in the Premier Portal.