Configure Microsoft Cloud App Security in Microsoft Defender ATP

Applies to:


Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration.


This feature will be available with an E5 license for Enterprise Mobility + Security on machines running Windows 10, version 1709 (OS Build 16299.1085 with KB4493441), Windows 10, version 1803 (OS Build 17134.704 with KB4493464), Windows 10, version 1809 (OS Build 17763.379 with KB4489899) or later Windows 10 versions.

  1. In the navigation pane, select Preferences setup > Advanced features.
  2. Select Microsoft Cloud App Security and switch the toggle to On.
  3. Click Save preferences.

Once activated, Microsoft Defender ATP will immediately start forwarding discovery signals to Cloud App Security.

View the data collected

  1. Browse to the Cloud App Security portal.

  2. Navigate to the Cloud Discovery dashboard.

    Image of menu to cloud discovery dashboard

  3. Select Win10 Endpoint Users report, which contains the data coming from Microsoft Defender ATP.

    Win10 endpoint users

This report is similar to the existing discovery report with one major difference: you can now benefit from visibility to the machine context.

Notice the new Machines tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (for example, when drilling down to a specific cloud app).

Cloud discovery

For more information about cloud discovery, see Working with discovered apps.

If you are interested in trying Microsoft Cloud App Security, see Microsoft Cloud App Security Trial.