Connect Atlassian to Microsoft Defender for Cloud Apps

Note

  • We've renamed Microsoft Cloud App Security. It's now called Microsoft Defender for Cloud Apps. In the coming weeks, we'll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

  • Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

This article provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Atlassian products using the App Connector APIs. This connection gives you visibility into and control over your organization's Atlassian use.

Note

The connector will cover all users in your organization that use the Atlassian platform, and will show activities from Confluence, Jira, and specific Bitbucket activities. For more information about Atlassian activities, see Atlassian audit log activities.

Prerequisites

  • The Atlassian Access plan is required.
  • You must be signed as an Organization admin to Atlassian.

How to connect Atlassian to Defender for Cloud Apps

Configure Atlassian

  1. Sign in to the Atlassian Admin portal with an admin account.

    Sign in to the  Atlassian Admin portal.

  2. Go to Settings -> API keys and then Create API key. (Atlassian documentation for creating API keys can also be found here).

    Atlassian API keys.

  3. Give the following values to the API key:

    • Name: You can give any name. The recommended name is Microsoft Defender for Cloud Apps so you can be aware for this integration.

    • Expires on: Set the expiration date as one year from the date of creation (this is the Atlassian maximum time for the expiration date).

      Note

      According to Atlassian API requirements, you'll need to create every year an API key for this integration.

      Create API key.

  4. After selecting Create, copy the Organization ID and the API key. You'll need it later.

    Note

    Verify your domain: To see your Atlassian users and their activities in Defender for Cloud Apps, you need to verify your domain. In Atlassian, domains are used to determine which user accounts can be managed by your organization. You won't see users and their activities if their domains aren't verified in the Atlassian configuration. To verify domains in Atlassian see Verify a domain to manage accounts.

Configure Defender for Cloud Apps

  1. In the Defender for Cloud Apps portal, select Investigate and then Connected apps.

  2. In the App connectors page, select the plus button followed by Atlassian.

  3. In the pop-up, give the connector a descriptive name, and press Connect Atlassian.

    Connect Atlassian.

  4. In the next page, enter the Organization ID and API key you saved before.

Note

  • The first connection can take up to four hours to get all users and their activities.
  • The activities that will display are the activities that were generated from the moment the connector is connected.
  • After the connector’s Status is marked as Connected, the connector is live and works.

Update the API key after expiry

  1. When the API key expires (one year after the creation), you'll need to recreate an API key in the Atlassian admin portal with the steps described above.

  2. Afterwards, go to the Defender for Cloud Apps portal and edit the connector:

    Edit connector.

  3. Enter the new generated new API key and select Connect Atlassian.

Rate limits

  • 1000 requests per minute (per API key/connector instance)
  • For more information about the Atlassian API limitation, see Atlassian admin REST APIs.

Limitations

  • Activities will be shown in Defender for Cloud Apps only for users with a verified domain.
  • The API key has a maximum expiration period of one year. After one year, you'll need to create another API key from the Atlassian Admin portal and replace it for the old API Key in the Defender for Cloud Apps console.
  • You won't be able to see in Defender for Cloud Apps whether a user is an admin or not.
  • System activities are shown with the Atlassian Internal System account name.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.