Learn how to connect CAS with Office 365 as an additional source of data.
- [Instructor] Within the Cloud App Security dashboard, we can begin by discovering what applications are being used by our users. We can see how many apps are being used, the number of users that are accessing them, and how much network traffic is being generated to those apps. We can even drill down and see different categories of applications that are being accessed and how much traffic is going to each category so we can understand from a priorities perspective where most of the resources are being used. We also get to see how many applications are at different levels of risk so we can prioritize there as well.
As we drill down into the discovered apps, we can see how many apps were discovered in total. We can learn about them, we can see their name, how much traffic was sent to them, what the risk scores are, and how many users are accessing them. We can also filter this based on whether or not the apps are sanctioned or unsanctioned or if they're just apps that we haven't dug into yet. The risk score is really helpful because it enables us to prioritize. When we have a lot of applications that have been discovered, we want to make sure that we're spending time on the applications that have the most impact.
We can look at applications that are high risk and low numbers of users or maybe medium risk with large numbers of users to set those priorities. Based on Cloud App Security's integration with certain applications, we can actually look into not just what apps people are using, but the data they're working within those applications. We can see the types of files, what they're called, who has access to them. Are they only accessible internally or are they also accessible to the public? And based on that we can learn about the types of files, the applications and what people are doing with them so we can make decisions if we need to enable policies.
Policies enable us to do things like detect files that match certain patterns or have certain types of data in them. We can then learn how many files match those policies and what the severity is so we can take action. And finally, we can get alerts about activities that are happening in applications, we can sort those alerts by the severity, we can learn what the alerts are, and what we need to do to remediate them so we can take action and stay in control.
- Authentication options with Azure AD
- Configuring Azure AD Connect for sync and authentication
- Securing remote access with the Azure Application Proxy
- Managing apps and devices with Intune
- Building and deploying a basic Intune policy for iOS or Android
- Protecting data beyond the firewall with Azure Information Protection (AIP)
- Configuring AIP classification labels and protection
- Integrating Exchange and SharePoint with AIP
- Managing risk with Advanced Threat Analytics
- Connecting Office 365 to cloud app security