Pilot Microsoft Defender for Cloud Apps with Microsoft Defender XDR

Applies to:

  • Microsoft Defender XDR

This article is Step 3 of 3 in the process of setting up the evaluation environment for Microsoft Defender for Cloud Apps. For more information about this process, see the overview article.

Use the following steps to set up and configure the pilot for Microsoft Defender for Cloud Apps.

Figure: The steps for piloting Microsoft Defender for Cloud Apps.

Step 1: Create the pilot group—Scope your pilot deployment to certain user groups

Microsoft Defender for Cloud Apps enables you to scope your deployment. Scoping allows you to select certain user groups to be monitored for apps or excluded from monitoring. To scope your pilot deployment, see Scoped Deployment.

Step 2: Configure protection—Conditional Access App Control

One of the most powerful protections you can configure is Conditional Access App Control. This protection requires integration with Microsoft Entra ID. It allows you to apply Conditional Access policies, including related policies (like requiring healthy devices), to cloud apps you've sanctioned.

The first step in using Microsoft Defender for Cloud Apps to manage SaaS apps is to discover these apps and then add them to your Microsoft Entra tenant. If you need help with discovery, see Discover and manage SaaS apps in your network.

You can begin to manage these apps by executing the following tasks:

  • First, in Microsoft Entra ID, create a new conditional access policy and configure it to "Use Conditional Access App Control." This configuration helps to redirect the request to Defender for Cloud Apps. You can create one policy and add all SaaS apps to this policy.
  • Next, in Defender for Cloud Apps, create session policies. Create one policy for each control you want to apply.
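The first task above can also be expressed as a Microsoft Graph conditionalAccessPolicy body and checked against the pilot scope from Step 1. This is an added example, not code from the original article: it assumes the Graph v1.0 policy schema, the GUIDs are constructed placeholders, and the function names are hypothetical.

```python
"""Added example: build and audit a pilot-scoped Conditional Access policy body."""

# Constructed placeholder GUIDs (not from the article).
PILOT_GROUP_ID = "00000000-0000-0000-0000-0000000000aa"
SAAS_APP_IDS = ["00000000-0000-0000-0000-0000000000b1",
                "00000000-0000-0000-0000-0000000000b2"]


def build_pilot_policy(group_id, app_ids, state="enabled"):
    """Graph conditionalAccessPolicy body: one policy, all piloted SaaS apps,
    one pilot group, session control set to Conditional Access App Control."""
    return {
        "displayName": "PILOT - Use Conditional Access App Control",
        "state": state,
        "conditions": {
            "users": {"includeGroups": [group_id]},
            "applications": {"includeApplications": list(app_ids)},
            "clientAppTypes": ["all"],
        },
        "sessionControls": {
            # "mcasConfigured" hands the session to Defender for Cloud Apps,
            # where the session policies decide what is allowed.
            "cloudAppSecurity": {"isEnabled": True,
                                 "cloudAppSecurityType": "mcasConfigured"}
        },
    }


def pilot_findings(policy, pilot_group_id):
    """Return reasons a policy is wider than the pilot or not redirecting."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    cas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
    if not cas.get("isEnabled"):
        findings.append("no redirect to Defender for Cloud Apps")
    if "All" in users.get("includeUsers", []):
        findings.append("applies to all users")
    if users.get("includeGroups", []) != [pilot_group_id]:
        findings.append("included groups differ from the pilot group")
    if "All" in apps.get("includeApplications", []):
        findings.append("applies to all cloud apps")
    return findings


if __name__ == "__main__":
    print(pilot_findings(build_pilot_policy(PILOT_GROUP_ID, SAAS_APP_IDS),
                         PILOT_GROUP_ID))
```

Run `pilot_findings` over policies exported from the tenant before widening the pilot, so that a policy accidentally scoped to all users or all apps is caught first.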

For more information, including supported apps and clients, see Protect apps with Microsoft Defender for Cloud Apps Conditional Access App Control.

For example policies, see Recommended Microsoft Defender for Cloud Apps policies for SaaS apps. These policies build on a set of common identity and device access policies that are recommended as a starting point for all customers.

Step 3: Try out capabilities—Walk through tutorials for protecting your environment

The Microsoft Defender for Cloud Apps documentation includes a series of tutorials to help you discover risk and protect your environment.

Try out Defender for Cloud Apps tutorials:

For more information on advanced hunting in Microsoft Defender for Cloud Apps data, see the video.

Next steps

Investigate and respond using Microsoft Defender XDR in a pilot environment

Return to the overview for Evaluate Microsoft Defender for Cloud Apps

Return to the overview for Evaluate and pilot Microsoft Defender XDR
