Overview:
Shadow IT and unsanctioned cloud applications represent one of the fastest-growing risk vectors for modern organizations.
Microsoft Defender for Cloud Apps provides comprehensive visibility, control, and protection across cloud services. This hands-on workshop covers the full capabilities of the platform, from cloud discovery and app risk scoring to session controls, policy-based governance, and integration with Microsoft Defender for Endpoint. Attendees will configure cloud discovery, build access and session policies using Conditional Access App Control, set up anomaly detection policies, and learn how to investigate threats using the activity log and governance actions.
Why You Should Attend:
Unsanctioned cloud apps can quietly move sensitive data outside approved controls. This workshop shows how to discover, assess, monitor, and govern cloud app risk before it becomes a breach or compliance problem.
Areas Covered in the Session:
- Cloud Discovery: identifying shadow IT through traffic log analysis and Defender for Endpoint integration
- Cloud App Catalog: risk scoring, app assessment, and sanctioning or unsanctioning cloud applications
- Conditional Access App Control: real-time monitoring and control of user sessions in cloud apps
- Building access and session policies: restricting downloads, blocking copy/paste, and enforcing DLP during sessions
- Anomaly detection policies: impossible travel, mass download, suspicious inbox rules, and ransomware activity
- File policies and DLP: scanning cloud storage for sensitive content and applying governance actions
- Activity log investigation: filtering, searching, and analyzing user activities across connected apps
- OAuth app governance: reviewing and revoking risky third-party app permissions
- Integration with Microsoft Defender for Endpoint, Entra ID, and Microsoft Purview
Who Will Benefit:
- Security Administrators
- IT Managers
- Compliance Officers
- Cloud Architects
- Microsoft 365 administrators responsible for cloud application usage and data security