Security configuration for AWS

Applies to: Microsoft Cloud App Security


Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Microsoft Cloud App Security provides you with a security configuration assessment of your Amazon Web Services environment. This assessment provides fundamental security recommendations based on the Center for Internet Security (CIS) benchmark for AWS.


  • AWS Security Hub must be set up for all your AWS account regions. For more information, see Setting Up AWS Security Hub.


    If this is the first time you're enabling Security Hub, it can take several hours for the initial data to become available.

  • Your Amazon Web Services must be connected to Cloud App Security. For more information, see Connect AWS to Microsoft Cloud App Security.

How to view AWS security recommendations

  1. In Cloud App Security, browse to Investigate > Security configuration, and then select the Amazon Web Services tab.


    It might take up to 15 minutes before your changes take effect.

    security configuration menu

  2. You can filter the recommendations by type, by resource, and by accounts. Additionally, you can click on the security configuration icon ASC icon to open the recommendation in Amazon Security Hub for more information and to deep dive into the recommendation.


    To make investigation even simpler, you can create custom queries and save them for later use. After you've finished building your query, click the Save as button in the top right corner of the filters. In the Save query pop-up, name your query.

    security configuration

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.