Get started with app governance (in preview)
To begin using the app governance add-on to Microsoft Cloud App Security, you need to take three steps:
- Verify licensing and administrator prerequisites.
- Sign up for the app governance trial.
- Add MCAS integration.
Sign up for free trial of app governance
For existing Microsoft 365 customers:
- Navigate to the sign up page for the free trial.
- Complete the steps to add app governance. Sign-up is simple, as shown in the following graphic.
If you are not already a Microsoft 365 customer, you can sign up for a free trial:
- At the top of this page, select the Free Account button.
- Under Try Microsoft 365 for business select Try 1 month free.
- Complete the steps for the sign-up.
Add integration with MCAS
- Office 365 is connected in Cloud App Security
- Office 365 Azure AD apps are enabled
To enable app governance sync with Cloud App Security, follow these steps:
- Go to your Microsoft Cloud App Security portal – https://portal.cloudappsecurity.com
- Select the gear icon (top right corner) and select Settings.
- Under Threat Protection, select App Governance.
- Select Enable App Governance integration, and then select Save.
To verify the integration with MCAS is active, look for the app governance policies listed below to appear in MCAS. The new policies might take few minutes to appear once integration is enabled.
- Microsoft 365 OAuth app Reputation
- Microsoft 365 OAuth Phishing Detection
- Microsoft 365 OAuth App Governance
Licensing and administrator role prerequisites
- Verify your account has the appropriate level of licensing. App governance is an add-on feature for Microsoft Cloud App Security (MCAS), and thus MCAS must be present in your account as either a standalone product or as part of the various license packages.
- You must have one of the administrator roles listed below to access the app governance pages in the portal.
- Your organization's billing address must be within one of the supported areas of North America, Europe, or Africa in order to activate the free trial.
Licensing for app governance
Before you get started with app governance, you should confirm your Microsoft 365 admin center - subscriptions and any add-ons. To access and use app governance, your organization must have one of the following subscriptions or add-ons:
- Microsoft Cloud App Security
- Microsoft 365 E5
- Microsoft 365 E5 Compliance
- Microsoft 365 E5 Developer (without Windows and Audio Conferencing)
- Microsoft 365 E5 Information Protection and Governance
- Microsoft 365 E5 Security
- Microsoft 365 E5 with Calling Minutes
- Microsoft 365 E5 without Audio Conferencing
- Microsoft 365 A5 Compliance for faculty
- Microsoft 365 A5 Compliance for students
- Microsoft 365 A5 for faculty
- Microsoft 365 A5 for students
- Microsoft 365 A5 Information Protection and Governance for faculty
- Microsoft 365 A5 Information Protection and Governance for students
- Microsoft 365 A5 Security for faculty
- Microsoft 365 A5 Security for students
- Microsoft 365 A5 student use benefits
- Microsoft 365 A5 with Calling Minutes for Faculty
- Microsoft 365 A5 with Calling Minutes for Students
- Microsoft 365 A5 without Audio Conferencing for faculty
- Microsoft 365 A5 without Audio Conferencing for students
- Microsoft 365 A5 without Audio Conferencing for students use benefit
Only Global Admin role can activate the app governance free trial.
One of the following administrator roles is required to see app governance pages or manage policies and settings:
- Application Administrator
- Cloud Application Administrator
- Company Administrator
- Compliance Administrator
- Compliance Data Administrator
- Compliance Reader (read-only)
- Global Reader
- Security Administrator
- Security Operator
- Security Reader (read-only)
Here are the capabilities for each role.
|Role||Read the dashboard||Read all apps||Read policies||Create, update, or delete policies||Read alerts||Update alerts||Read settings||Update settings||Read Remediation||Update Remediation|
|Cloud Application Administrator|
|Compliance Data Administrator|
For additional information about each role, see Administrator role permissions.
Canceling your trial
If you did not participate in private preview and would like to cancel your trial of app governance, you can communicate with your CXE contact, or use these steps:
- In the Microsoft 365 admin center, go to Billing > Your products.
- Navigate to the app governance trial, click the three dots, and select Cancel subscription.
- In the resulting fly-out pane, provide a reason for cancellation, any additional feedback, and select Cancel subscription.
- Select Cancel subscription in the resulting pop up screen. Your trial is cancelled, you will lose access to app governance, and your app governance data will be deleted (log data that is used to create the app governance insights and detections - no emails or other files will be affected).
Known issues for the public preview
The app governance team has identified the following known issues for the preview:
- 2-way sync between Microsoft Defender and app governance alerts – currently alerts resolved in Defender will have to be manually resolved in app governance as well.