Working with the dashboard

Note

  • We've renamed Microsoft Cloud App Security. It's now called Microsoft Defender for Cloud Apps. In the coming weeks, we'll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

  • Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. For more information about these changes, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

This article describes what you should do with Defender for Cloud Apps daily.

Check the dashboard

The information presented in the dashboard is an overview of all the most important information about your organization. Each information card provides links to a deeper investigation of the information presented. You can also choose to view the dashboard information for a specific app using the filter provided.

Defender for Cloud Apps dashboard.

What can you expect to see in the dashboard?

  • Open alerts
    Shows the number of open alerts, a graph of the alert status distribution, and recent alerts

  • Discovered apps
    Shows the number of discovered apps, a graph of the app risk distribution, and the top app categories by traffic.

  • Top users to investigate
    Shows the number of users to investigate and the users with the highest investigation priority.

  • Conditional Access App Control
    Shows the number of apps protected by Conditional Access App Control as well as the number of protected sessions and actions over the last 30 days.

  • App connectors status
    Shows the number of API connected app instances and their status.

  • Files infected with malware
    Shows the number of files infected with malware.

  • Privileged Office 365 OAuth apps
    Shows the number of rarely used OAuth apps granted highly privileged permissions.

  • Azure security configuration
    Shows the number and severity of Azure security configuration recommendations.

  • AWS security configuration
    Shows the number and severity of AWS security configuration recommendations.

  • DLP alerts
    Shows a graph of DLP alerts over the last 30 days.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.