Cloud App Security 的基本設定Basic setup for Cloud App Security

適用於:Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security

重要

Microsoft 的威脅防護產品名稱即將變更。Threat protection product names from Microsoft are changing. 如需有關此變更的詳細資訊與其他更新,請參閱這裡Read more about this and other updates here. 我們將在不久的將來更新產品與文件中的名稱。We'll be updating names in products and in the docs in the near future.

下列程序會指示您自訂 Microsoft Cloud App Security 入口網站。The following procedure gives you instructions for customizing the Microsoft Cloud App Security portal.

必要條件Prerequisites

針對入口網站存取,必須將下列 IP 位址新增至防火牆的允許清單,以提供 Cloud App Security 入口網站的存取權:For portal access, it's necessary to add the following IP addresses to your Firewall's allow list to provide access for the Cloud App Security portal:

  • 104.42.231.28104.42.231.28

針對美國政府 GCC High 客戶,也必須將下列 IP 位址新增至防火牆的允許清單,以提供 Cloud App Security GCC High 入口網站的存取權:For US Government GCC High customers, it's also necessary to add the following IP addresses to your Firewall's allow list to provide access for the Cloud App Security GCC High portal:

  • 52.227.143.22352.227.143.223
  • 13.72.19.413.72.19.4

注意

若要在 URL 和 IP 位址變更時取得更新,請訂閱 RSS,如 Office 365 URL 與 IP 位址範圍中所述。To get updates when URLs and IP addresses are changed, subscribe to the RSS as explained in: Office 365 URLs and IP address ranges.

設定入口網站Set up the portal

  1. 在 Cloud App Security 入口網站的功能表列中,按一下 設定齒輪 ![設定] 圖示 ,然後選取 [ 設定 ] 以設定組織的詳細資料。In the Cloud App Security portal, in the menu bar, click the settings cog settings icon and select Settings to configure your organization's details.

  2. 請務必在 [組織詳細資料]**** 下,提供您組織的 [組織顯示名稱]****。Under Organization details, it's important that you provide an Organization display name for your organization. 其會顯示在系統傳送的電子郵件和網頁上。It's displayed on emails and web pages sent from the system.

  3. 提供環境名稱 (租用戶)。Provide an Environment name (tenant). 這項資訊在管理多個租用戶時特別重要。This information is especially important if you manage more than one tenant.

  4. 您也可以在系統傳送的電子郵件通知和網頁上提供標誌It's also possible to provide a Logo that is displayed in email notifications and web pages sent from the system. 標誌應該是大小上限為 150 x 50 像素且為透明背景的 png 檔案。The logo should be a png file with a maximum size of 150 x 50 pixels on a transparent background.

  5. 請確定您新增了 受控網域 的清單,以識別內部使用者。Make sure you add a list of your Managed domains to identify internal users. 新增受控網域是很重要的步驟。Adding managed domains is a crucial step. Cloud App Security 使用受控網域來判斷內部和外部的使用者,以及檔案是否應該共用。Cloud App Security uses the managed domains to determine which users are internal, external, and where files should and shouldn't be shared. 這項資訊用於報告和警示。This information is used for reports and alerts.

    • 位於未設定成內部網域的使用者,會被標示為外部。Users in domains that aren't configured as internal are marked as external. 外部使用者的活動或檔案不受掃描。External users aren't scanned for activities or files.
  6. 在 [ 自動登出] 下,指定會話可保持非使用中的時間量,然後會話才會自動登出。Under Auto sign out, specify the amount of time a session can remain inactive before the session is automatically signed out.

  7. 如果要與 Azure 資訊保護整合相整合,請參閱 Azure 資訊保護整合以取得相關資訊。If you're integrating with Azure Information Protection integration, see Azure Information Protection Integration for information.

  8. 如果您要與 Azure 進階威脅防護整合整合,請參閱 Azure 進階威脅防護整合 以取得資訊。If you're integrating with Azure Advanced Threat Protection integration, see Azure Advanced Threat Protection Integration for information.

  9. 如果您在任何時間點想要備份入口網站設定,此畫面可讓您執行此作業。If at any point you want to back up your portal settings, this screen enables you to do that. 按一下 [ 匯出入口網站設定 ],以建立所有入口網站設定的 json 檔案,包括原則規則、使用者群組和 IP 位址範圍。Click Export portal settings to create a json file of all your portal settings, including policy rules, user groups, and IP address ranges.

注意

若您使用 ExpressRoute,Cloud App Security 會在 Azure 中部署並與 ExpressRoute 完全整合。If you use ExpressRoute, Cloud App Security is deployed in Azure and fully integrated with ExpressRoute. 與 Cloud App Security apps 和傳送至 Cloud App Security 的流量(包括上傳探索記錄檔)的所有互動,都會透過 ExpressRoute 公用對等互連 路由,以改善延遲、效能和安全性。All interactions with the Cloud App Security apps and traffic sent to Cloud App Security, including upload of discovery logs, is routed via ExpressRoute public peering for improved latency, performance, and security. 客戶端不需要任何組態步驟。There are no configuration steps required from the customer side.

如需公用對等互連的詳細資訊,請參閱 ExpressRoute 線路和路由網域For more information about Public Peering, see ExpressRoute circuits and routing domains.

下一步Next steps

若您遇到任何問題,我們隨時提供協助。If you run into any problems, we're here to help. 若要取得產品問題的協助或支援,請建立支援票證To get assistance or support for your product issue, please open a support ticket.