Quickstart: Get started with Microsoft Cloud App Security

Applies to: Microsoft Cloud App Security

This quickstart provides you with steps for getting up and running with Cloud App Security. Microsoft Cloud App Security can help you take advantage of the benefits of cloud applications while maintaining control of your corporate resources. It works by improving visibility of cloud activity and helping to increase the protection of corporate data. In this article, we walk you through the steps you take to set up and work with Microsoft Cloud App Security.

Your organization must have a license to use Cloud App Security. For pricing details, see the Cloud App Security licensing datasheet.

Note

Cloud App Security does not require any Office 365 licenses.

Prerequisites

  • Your organization must have a license to use Cloud App Security. For pricing details, see the Cloud App Security licensing datasheet.

    For tenant activation support, see Ways to contact support for business products - Admin Help.

  • After you have a license for Cloud App Security, you'll receive an email with activation information and a link to the Cloud App Security portal.

  • To set up Cloud App Security, you must be a Global Administrator or a Security Administrator in Azure Active Directory or Office 365. It's important to understand that a user who is assigned an admin role will have the same permissions across all of the cloud apps that your organization has subscribed to. This is regardless of whether you assign the role in the Microsoft 365 admin center, or in the Azure classic portal, or by using the Azure AD module for Windows PowerShell. For more information, see Assign admin roles and Assigning administrator roles in Azure Active Directory.

  • To run the Cloud App Security portal, use Internet Explorer 11, Microsoft Edge (latest), Google Chrome (latest), Mozilla Firefox (latest), or Apple Safari (latest).
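
Because the admin-role prerequisite above grants the same permissions across every subscribed cloud app, it is worth reviewing who holds those roles before setup. The following is an added example, not part of the original quickstart; it assumes the AzureAD PowerShell module is installed and that the signed-in account can read directory roles.

```powershell
# Added example: list the holders of the two roles that can set up
# Cloud App Security (Global Administrator, Security Administrator).
# Assumption: the AzureAD module is installed on this workstation.
Import-Module AzureAD
Connect-AzureAD | Out-Null

# Some tenants report Global Administrator as "Company Administrator".
$roleNames = 'Global Administrator', 'Company Administrator', 'Security Administrator'

# Get-AzureADDirectoryRole returns only roles already activated in the tenant.
$roles = Get-AzureADDirectoryRole | Where-Object { $roleNames -contains $_.DisplayName }

$report = foreach ($role in $roles) {
    foreach ($member in Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId) {
        [pscustomobject]@{
            Role              = $role.DisplayName
            ObjectType        = $member.ObjectType
            DisplayName       = $member.DisplayName
            UserPrincipalName = $member.UserPrincipalName
        }
    }
}

$report | Sort-Object Role, DisplayName | Format-Table -AutoSize

# Review items: accounts that hold both roles, and members that are not
# ordinary user accounts (for example service principals).
$report | Group-Object UserPrincipalName |
    Where-Object { $_.Name -and $_.Count -gt 1 } |
    ForEach-Object { "Holds more than one admin role: $($_.Name)" }

$report | Where-Object { $_.ObjectType -ne 'User' } |
    ForEach-Object { "Non-user member of $($_.Role): $($_.DisplayName)" }
```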

To access the portal

To access the Cloud App Security portal, go to https://portal.cloudappsecurity.com. You can also access the portal through the Microsoft 365 admin center, as follows:

  1. In the Microsoft 365 admin center, in the side menu, click Show all, and then select Security.

  2. In the Microsoft 365 security page, click More resources, and then select Cloud App Security.

Step 1. Set instant visibility, protection, and governance actions for your apps

Required task: Connect apps

  1. From the settings cog, select App connectors.
  2. Click the plus sign to add an app and select an app.
  3. Follow the configuration steps to connect the app.

Why connect an app?

After you connect an app, you can gain deeper visibility so you can investigate activities, files, and accounts for the apps in your cloud environment.

Step 2. Control cloud apps with policies

Required task: Create policies

To create policies

  1. Go to Control > Templates.
  2. Select a policy template from the list, and then choose (+) Create policy.
  3. Customize the policy (select filters, actions, and other settings), and then choose Create.
  4. On the Policies tab, choose the policy to see the relevant matches (activities, files, alerts).

     Tip: To cover all your cloud environment security scenarios, create a policy for each risk category.

How can policies help your organization?

You can use policies to help you monitor trends, see security threats, and generate customized reports and alerts. With policies, you can create governance actions, and set data loss prevention and file-sharing controls.

Step 3. Set up Cloud Discovery

Required task: Enable Cloud App Security to view your cloud app use

  1. Integrate with Microsoft Defender ATP to automatically enable Cloud App Security to monitor your Windows 10 devices inside and outside your corporation.

  2. If you use Zscaler, integrate it with Cloud App Security.

  3. To achieve full coverage, create a continuous Cloud Discovery report.

    1. From the settings cog, select Cloud Discovery settings.
    2. Choose Automatic log upload.
    3. On the Data sources tab, add your sources.
    4. On the Log collectors tab, configure the log collector.

To create a snapshot Cloud Discovery report

Go to Discover > Snapshot report and follow the steps shown.

Why should you configure Cloud Discovery reports?

Having visibility into shadow IT in your organization is critical. After your logs are analyzed, you can easily find which cloud apps are being used, by which people, and on which devices.

Step 4. Personalize your experience

Recommended task: Add your organization details

To enter email settings

  1. From the settings cog, select Mail settings.
  2. Under Email sender identity, enter your email addresses and display name.
  3. Under Email design, upload your organization's email template.

To set admin notifications

  1. In the navigation bar, choose your user name, and then go to User settings.
  2. Under Notifications, configure the methods you want to set for system notifications.
  3. Choose Save.

To customize the score metrics

  1. From the settings cog, select Cloud Discovery settings.
  2. Under Score metrics, configure the importance of various risk values.
  3. Choose Save.

Now the risk scores given to discovered apps are configured precisely according to your organization's needs and priorities.

Why personalize your environment?

Some features work best when they're customized to your needs. Provide a better experience for your users with your own email templates. Decide what notifications you receive and customize your risk score metric to fit your organization's preferences.

Step 5. Organize the data according to your needs

Recommended task: Configure important settings

To create IP address tags

  1. From the settings cog, select Cloud Discovery settings.

  2. From the settings cog, select IP address ranges.

  3. Click the plus sign to add an IP address range.

  4. Enter the IP range details, location, tags, and category.

  5. Choose Create.

    Now you can use IP tags when you create policies, and when you filter and create continuous reports.

To create continuous reports

  1. From the settings cog, select Cloud Discovery settings.
  2. Under Continuous reports, choose Create report.
  3. Follow the configuration steps.
  4. Choose Create.

Now you can view discovered data based on your own preferences, such as business units or IP ranges.

To add domains

  1. From the settings cog, select Settings.
  2. Under Organization details, add your organization's internal domains.
  3. Choose Save.

Why should you configure these settings?

These settings help give you better control of features in the console. With IP tags, it's easier to create policies that fit your needs, to accurately filter data, and more. Use Data views to group your data into logical categories.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.