Microsoft Defender for Cloud Apps
  • 03 Feb 2025
  • 2 Minutes to read
  • Contributors
  • Dark
    Light

Microsoft Defender for Cloud Apps

  • Dark
    Light

Article summary

Microsoft Defender for Cloud Apps is a solution that helps you secure your cloud applications across Microsoft 365 and other SaaS providers. Defender for Cloud Apps was previously known as Microsoft Cloud App Security. For more information refer to the Microsoft product page.

Integration Method: API

Tables: Account Change, Authentication, Detection Finding, Entity Management, File System Activity

Events

Entities

Get a list of users and organizations using cloud apps

Activities

Get activities of access and password changes

Alerts

Get list of immediate alerts identified by Defender for Cloud Apps

This integration has been tested against Microsoft Defender for Cloud Apps API v1.

Prerequisites

  1. Admin access to Azure Portal

  2. Access to Microsoft Defender console

Configuration Overview

  1. Create an App registration on Azure Portal: application_id and directory_id

  2. Set the permissions on the new API user

  3. Create API credentials: secret value

  4. Logon to Defender console to get the API base URL

  5. Configure DataBee with client key, client secret, baseurl, and tenantid

DataBee Parameters

Microsoft Parameters

Client Key

Application (client) ID

Client Secret

Secret Value

TOKEN URL:<application_id>

Directory (tenantID)

API BASE URL:

API URL – from Defender console

Azure Configuration

To use Microsoft Defender for Cloud Apps API, you need client credentials, tenant id, and tenant region.

  1. Log on to Azure with a user account that has the Global Administrator role.  

  2. Navigate to App registrations and click on New registration. The Register an application page window appears.

A screenshot of a computer  AI-generated content may be incorrect.

A screenshot of a computer  AI-generated content may be incorrect.

  1. Enter the application's registration information:  

    1. In the Name section, enter a meaningful application name that will be displayed to users.

    2. For Supported account types, click the Accounts in any organizational directory option.  

    3. Set the Redirect URI to http://localhost.  

    4. Click on Register to create the application.  

A screenshot of a computer  AI-generated content may be incorrect.

  1. On the app Overview page, copy the Application (client) ID and Directory (tenant) ID for later use.

A screenshot of a computer  AI-generated content may be incorrect.

Add Permissions  

Once the application is created, permissions should be provided to get data. The appropriate permissions for the application are needed to configure these endpoints.

To add permissions for the one endpoint outlined above, from the Azure portal:  

  1. On the Application page, select API Permissions > Add permission > APIs my organization uses.

  2. Search for Defender for Cloud Apps or Cloud App Security (older name) and select it

A screenshot of a computer screen  AI-generated content may be incorrect.

  1. Select Application permissions > Investigation.Read, and then select Add permissions.

A screenshot of a computer  AI-generated content may be incorrect.

  1. Select Grant admin consent and click Yes on the pop up box

A screenshot of a computer  AI-generated content may be incorrect.

  1. The following permissions will be granted

Endpoints

Permission

/api/v1/entities/

Investigation.read

/api/v1/activities/

Investigation.read

/api/v1/alerts/

Investigation.read

Create the Client ID and Client Secret  

The next step is creating a Client ID and Client Secret for API access. To create these items, from the Azure Portal:  

  1. Select the DataBee application

  2. Click Certificates and Secrets, and then Client Secrets.

  3. Click New client secret. Then add a client secret window appears.

  4. Enter a Description for this client secret and the expiry period from the Expires drop-list.  

A screenshot of a computer  AI-generated content may be incorrect.

  1. Click Add.

  2. Copy the Value field, which will be used when configuring DataBee.

A screenshot of a computer  AI-generated content may be incorrect.

Get Defender API URL

  1. Open Microsoft Defender Portal and select Settings

A screenshot of a computer  AI-generated content may be incorrect.

  1. Select Cloud Apps.

A screenshot of a computer  AI-generated content may be incorrect.

  1. Under System, select About.

  2. Copy the API URL and Data center value for DataBee configuration.

A screenshot of a computer  AI-generated content may be incorrect.

DataBee Configuration

  1. Login to the DataBee console and navigate to the Data > Data Sources tab

A screenshot of a computer  Description automatically generated

  1. Click on Add New Source

A screenshot of a computer  Description automatically generated

  1. Search for Defender for Cloud Apps and select it

A screenshot of a computer  Description automatically generated

  1. Select API Ingest

  2. Enter basic contact information in the dialog box and click Next

  3. In the detailed configuration boxes, ensure the following fields are filled

  1. Click Submit


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence