CTO at a tech services company with 201-500 employees
Real User
Top 20
2023-11-28T10:51:00Z
Nov 28, 2023
We have multiple virtual machines that we utilize in the cloud space with different applications on them. We utilize Microsoft Defender for Cloud Apps to monitor those individual application VMs as well as, along with Sentinel, our entire Azure ecostructure.
Cyber security engineer at a tech services company with 10,001+ employees
Real User
Top 10
2023-08-25T10:41:00Z
Aug 25, 2023
We were looking for protection for cloud applications, specifically for the SharePoint directory. One of the use cases is to monitor employees who are leaving the organization in the next month. We do this by placing them in a separate Active Directory container and monitoring their activity. For example, we would monitor if they download a large number of files from cloud applications, delete something, or engage in other abnormal activities. This is one use case for Microsoft Defender for Cloud Apps.
Software Security Specialist at a tech vendor with 51-200 employees
Real User
Top 20
2023-05-17T11:40:00Z
May 17, 2023
We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.
Learn what your peers think about Microsoft Defender for Cloud Apps. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Manager Information Security at a venture capital & private equity firm with 11-50 employees
Real User
Top 20
2023-05-04T10:04:00Z
May 4, 2023
We utilize Microsoft Defender for Cloud Apps in conjunction with Defender for Endpoint. This enables the Cloud App to effectively block unauthorized websites for users. Additionally, it allows us to prevent users from accessing malicious sites, and we can restrict user access based on their device compliance status.
We primarily use Defender for Cloud Apps to authenticate users of our cloud applications. Defender validates the identity and allows the user to access the application.
We primarily use Microsoft Defender for Cloud to secure and provide controlled access to our applications. We have a few hosted applications in the cloud, including some of our critical applications. We need a solid firewall and security setup in the cloud to protect all those applications. Microsoft Defender for Cloud serves this purpose because it provides efficient security for our cloud applications. Its controlled auditing and other filtering setups also offer uninterrupted access to users. We use Defender for Identity and Defender for Cloud. Integrating the two is entirely straightforward. Once we deploy Azure or any other Microsoft services, the integration between each product is released. You can integrate Defender for Cloud and identity management with a click. Both are security features that have to work. If we get a similar log issue from Defender for Cloud, this log is automatically passed to Identity to check if there is any mismatch or identity-based concerns. It'll correlate the logs and easily identify the issues. These solutions work together natively, each addressing a different security dimension. We prefer this identity-based solution focusing on user identity security, whereas Microsoft Defender for Cloud App concentrates on applications. Application security is the priority in this. Application security also requires identity management because users will be accessing applications based on identity rules. If the identity policies are met, it will easily access these applications hosted in the Cloud. Microsoft Defender Cloud has separate policies to maintain specific access for users based on their privileges, so it is all correlated. It should work in correlation because we are not using a third-party product for all this security. We expect a solid correlation because everything is the legacy software of Microsoft. We are using multiple Microsoft products with Azure, including OneNote, OneCloud, etc., and every product requires security in each layer. We have numerous layers of protection in Microsoft. Each layer must be correctly oriented and governed by a set of policies so that each level satisfies the user policies and each policy forwards to the next level. So in that way, Microsoft has a different level of setups, and this Microsoft Defender for Cloud is one that last setup. Our cloud strategy will change as we move more applications to the cloud, and all require security. As we migrate more into the cloud, our security becomes more complex. Once we have applications deployed in the cloud, it is better to have a single vendor for all the security solutions because Microsoft has a solution for each aspect of the application setup. Microsoft provides enough security features that we don't require any third-party applications. Each layer has to complement another layer. Because it is a one-vendor Microsoft solution, it's easy for us to identify and troubleshoot issues. I prefer a single solution rather than a multi-vendor solution.
We have several use cases including file monitoring, unusual travel activities, user investigation, and activity. It pretty much covers every activity based on the cloud.
Modern Workplace Solution Architect at a tech consulting company with 11-50 employees
Real User
2022-09-04T20:24:00Z
Sep 4, 2022
We use it for security and compliance. We use it for alert policies on activities happening on some of our on-premises and cloud applications. We also use it to restrict some users from downloading files from OneDrive or from some of the applications that we have. In addition, we integrate it with the Azure Active Directory Conditional Access policy.
We help develop and mostly support applications for clients. It creates reports for clients. It works with Microsoft SQL Server and can tell clients if they need some governance standards for user security profiles. For example, if they are using Linux VM, then there are some security updates that come up. If they haven't been updated, they get a prompt telling them, "Look at this CSV security vulnerability. It should be updated as this part of your application." We have our main office in Lagos with other offices in the UK and America. Due to COVID, we are mostly working remotely and having meetings online. There are 55 endpoints.
Principal Security Engineer at a tech services company with 5,001-10,000 employees
Real User
2022-04-25T09:36:14Z
Apr 25, 2022
I used to deploy it in the customer's environment and set the requirements. It's used for blocking downloads, for example, and is a security feature for data centers.
We use it for security alerts for any possible trouble for users. In terms of deployment, we have on-prem servers for now for one of the customers. We also have several customers on the Azure cloud.
IT Planning Manager at a construction company with 5,001-10,000 employees
Real User
2022-01-05T06:52:44Z
Jan 5, 2022
They were testing Microsoft Defender and performing some checks with Microsoft Defender. On the Microsoft side of the same security cloud app, I believe. We have a complete portfolio of election solutions. These election solutions, in general, require a high level of security. There are preparations to have within them, such as cloud apps or websites, or even an off-premise or on-premise type of solution. As a result, we must have both types of services and products in order to secure them. For example, we used the Microsoft denial-of-service attack. It's a software subscription service from Asia that you get for a set period of time. If you are running a live elections operation, you should seriously consider using such a service from them because it is extremely reliable. It essentially protects your entire environment. So you wouldn't be too concerned about someone hacking into your environment or anything because you need to have results that you should be publishing. That is when having a security system becomes extremely important for you. That's on the app side of things, then, on the web, we publish these results. You must also have a system that will never fail due to an attack. That's also one of the things we usually think about when we have an election operation going on.
Senior Solutions Engineer at a tech vendor with 1,001-5,000 employees
Real User
2021-11-24T04:08:00Z
Nov 24, 2021
The solution is primarily used for cloud visibility and getting a better understanding of what the data footprint is, including what kinds of files are exposed, and getting our heads around compliance. It's a component that adds DLP. Presently, there are two separate DLP policies between Microsoft's traditional DLP and the MCA DLP.
Senior Cloud & Security Consultant at a tech services company with 11-50 employees
MSP
2021-08-31T14:25:00Z
Aug 31, 2021
If there's any data that is taken out from their corporate applications, on their managed devices, and being taken out and stored somewhere else, on an application that is not managed, they don't have visibility on that. Therefore, with Cloud App Security, the main use case is to identify information about applications that are way beyond their boundaries and to understand what people are accessing them as well as if those applications are safe or not. It's a Shadow IT discovery solution. Apart from that, it's a solution used to protect corporate data from being taken out of those applications and being shared externally with people who are not meant to have those documents or data. It's a solution designed to prevent exfiltration and data filtration of corporate data from those applications to unknown people that may happen without proper visibility. Basically, it's used for two purposes: providing control of the data that is in cloud applications, and shadow IT discovery. That's the major purpose of Cloud App Security.
We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services. It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.
Cloud Security & Governance at a financial services firm with 10,001+ employees
Real User
Top 20
2021-06-15T01:09:00Z
Jun 15, 2021
MCAS was onboarded for the purpose of detecting shadow IT. As the organization moved towards more SaaS solutions, we wanted to make sure that there is a way to monitor and govern the IT services coming up as shadow IT. We are a very big organization where a lot of services get onboarded, and some of the things may go unnoticed. We wanted to detect the shadow IT software being installed or shadow IT happening within a department or business unit. We also wanted to make sure that the cloud access security broker provides a DLP kind of solution for Office 365. For example, if I am uploading a document with PI data, MCAS should scan and make sure that the right classification is applied. When the right classification is applied, the document gets encrypted, and relevant information protection is applied. If the right classification is not applied, the users are alerted to make sure that they go and remediate the document, task, file, etc. This is how we started with this solution the last year. Going forward, as a strategic solution, we are also looking at using MCAS to govern the Office environment. We have started onboarding solutions like Microsoft Teams, SharePoint Online, OneDrive, and Exchange Online. Our setup is a mixture of on-premises and cloud solutions. At this point in time, the major cloud providers are AWS and Azure, and we also have on-premises products such as Symantec DLP, Doc Scan, etc.
Enterprise System Engineer at New Zealand Trade and Enterprise
Real User
2021-05-30T06:18:00Z
May 30, 2021
The use case is for getting visibility over cloud applications that our users are consuming, how they consume it, and using the protection which comes with Cloud App Security with that visibility. It provides monitoring and visibility into cloud apps that our users are using and has ;a layer of security wrapped around that. It identifies malicious activity, if it's occurring, and provides overall protection of our company data from things like data exfiltration and all the other integrations that it has with other Microsoft security products. It is protecting approximately 800 users. We have four other sources feeding into it from other products that we use. We have several thousand applications for which we get reports and visibility. It is one of our core tools for monitoring and managing our security posture. In the future, I don't see that changing much. At this stage, I think we are at a good level of how we are using it.
Cloud Security Architect at a tech services company with 501-1,000 employees
Real User
2021-04-08T16:28:00Z
Apr 8, 2021
We are a consulting firm and we configure this service for our clients. Our clients use it for Shadow IT systems and processes. It is used specifically for cloud services, such as services that reside in Microsoft Azure.
We use it to protect our organization's data. It has the ability to create and can copy-paste for the end-user. You can take a screenshot from your mobile devices and download some confidential things. After creating the policy you can be assured that a user's data is being protected We give devices access within a particular device that the user is accessing. We are also certain that there is no chance of scamming or that an email account can be hacked. We also create a password policy. Whenever the end-user wants to download anything or wants to access anything there has to be some security. It secures the customer's data in their organization.
Director Global Strategic Alliances at Larsen & Toubro Infotech Ltd.
Real User
2020-04-02T07:00:10Z
Apr 2, 2020
We are a solution provider and this is one of the products that we implement for our customers. Our customers have applications that are running across different clouds or on different platforms. Microsoft Cloud App Security brings them together onto the same platform from a security standpoint. The application can run seamlessly across different clouds, which helps.
Microsoft Defender for Cloud Apps is a comprehensive security solution that provides protection for cloud-based applications and services. It offers real-time threat detection and response, as well as advanced analytics and reporting capabilities. With Defender for Cloud Apps, organizations can ensure the security of their cloud environments and safeguard against cyber threats. Whether you're running SaaS applications, IaaS workloads, or PaaS services, Microsoft Defender for Cloud Apps...
We use Microsoft Defender for Cloud Apps for endpoint management.
We use Microsoft Defender for Cloud Apps for discovery, data exfiltration, and sensitive data exposure.
We use the product mainly to manage the accounts for Single-Sign-On purposes.
We have multiple virtual machines that we utilize in the cloud space with different applications on them. We utilize Microsoft Defender for Cloud Apps to monitor those individual application VMs as well as, along with Sentinel, our entire Azure ecostructure.
We were looking for protection for cloud applications, specifically for the SharePoint directory. One of the use cases is to monitor employees who are leaving the organization in the next month. We do this by placing them in a separate Active Directory container and monitoring their activity. For example, we would monitor if they download a large number of files from cloud applications, delete something, or engage in other abnormal activities. This is one use case for Microsoft Defender for Cloud Apps.
We use Defender for Cloud Apps for shadow IT discovery and managing cloud applications. We use all Microsoft security products, including Defender for Endpoint and Sentinel. Our company has a SOC team that investigates and remediates security incidents in the Sentinel portal.
We utilize Microsoft Defender for Cloud Apps in conjunction with Defender for Endpoint. This enables the Cloud App to effectively block unauthorized websites for users. Additionally, it allows us to prevent users from accessing malicious sites, and we can restrict user access based on their device compliance status.
We use Defender for governance, discovery, and application awareness. It's also useful for detecting shadow IT and anomalous user behavior.
We primarily use Defender for Cloud Apps to authenticate users of our cloud applications. Defender validates the identity and allows the user to access the application.
We primarily use Microsoft Defender for Cloud to secure and provide controlled access to our applications. We have a few hosted applications in the cloud, including some of our critical applications. We need a solid firewall and security setup in the cloud to protect all those applications. Microsoft Defender for Cloud serves this purpose because it provides efficient security for our cloud applications. Its controlled auditing and other filtering setups also offer uninterrupted access to users. We use Defender for Identity and Defender for Cloud. Integrating the two is entirely straightforward. Once we deploy Azure or any other Microsoft services, the integration between each product is released. You can integrate Defender for Cloud and identity management with a click. Both are security features that have to work. If we get a similar log issue from Defender for Cloud, this log is automatically passed to Identity to check if there is any mismatch or identity-based concerns. It'll correlate the logs and easily identify the issues. These solutions work together natively, each addressing a different security dimension. We prefer this identity-based solution focusing on user identity security, whereas Microsoft Defender for Cloud App concentrates on applications. Application security is the priority in this. Application security also requires identity management because users will be accessing applications based on identity rules. If the identity policies are met, it will easily access these applications hosted in the Cloud. Microsoft Defender Cloud has separate policies to maintain specific access for users based on their privileges, so it is all correlated. It should work in correlation because we are not using a third-party product for all this security. We expect a solid correlation because everything is the legacy software of Microsoft. We are using multiple Microsoft products with Azure, including OneNote, OneCloud, etc., and every product requires security in each layer. We have numerous layers of protection in Microsoft. Each layer must be correctly oriented and governed by a set of policies so that each level satisfies the user policies and each policy forwards to the next level. So in that way, Microsoft has a different level of setups, and this Microsoft Defender for Cloud is one that last setup. Our cloud strategy will change as we move more applications to the cloud, and all require security. As we migrate more into the cloud, our security becomes more complex. Once we have applications deployed in the cloud, it is better to have a single vendor for all the security solutions because Microsoft has a solution for each aspect of the application setup. Microsoft provides enough security features that we don't require any third-party applications. Each layer has to complement another layer. Because it is a one-vendor Microsoft solution, it's easy for us to identify and troubleshoot issues. I prefer a single solution rather than a multi-vendor solution.
We have several use cases including file monitoring, unusual travel activities, user investigation, and activity. It pretty much covers every activity based on the cloud.
Mainly, companies use it for end-user compute devices.
We use it for security and compliance. We use it for alert policies on activities happening on some of our on-premises and cloud applications. We also use it to restrict some users from downloading files from OneDrive or from some of the applications that we have. In addition, we integrate it with the Azure Active Directory Conditional Access policy.
We help develop and mostly support applications for clients. It creates reports for clients. It works with Microsoft SQL Server and can tell clients if they need some governance standards for user security profiles. For example, if they are using Linux VM, then there are some security updates that come up. If they haven't been updated, they get a prompt telling them, "Look at this CSV security vulnerability. It should be updated as this part of your application." We have our main office in Lagos with other offices in the UK and America. Due to COVID, we are mostly working remotely and having meetings online. There are 55 endpoints.
We use it to protect our users' devices against attacks.
I used to deploy it in the customer's environment and set the requirements. It's used for blocking downloads, for example, and is a security feature for data centers.
We use it for security alerts for any possible trouble for users. In terms of deployment, we have on-prem servers for now for one of the customers. We also have several customers on the Azure cloud.
They were testing Microsoft Defender and performing some checks with Microsoft Defender. On the Microsoft side of the same security cloud app, I believe. We have a complete portfolio of election solutions. These election solutions, in general, require a high level of security. There are preparations to have within them, such as cloud apps or websites, or even an off-premise or on-premise type of solution. As a result, we must have both types of services and products in order to secure them. For example, we used the Microsoft denial-of-service attack. It's a software subscription service from Asia that you get for a set period of time. If you are running a live elections operation, you should seriously consider using such a service from them because it is extremely reliable. It essentially protects your entire environment. So you wouldn't be too concerned about someone hacking into your environment or anything because you need to have results that you should be publishing. That is when having a security system becomes extremely important for you. That's on the app side of things, then, on the web, we publish these results. You must also have a system that will never fail due to an attack. That's also one of the things we usually think about when we have an election operation going on.
The solution is primarily used for cloud visibility and getting a better understanding of what the data footprint is, including what kinds of files are exposed, and getting our heads around compliance. It's a component that adds DLP. Presently, there are two separate DLP policies between Microsoft's traditional DLP and the MCA DLP.
If there's any data that is taken out from their corporate applications, on their managed devices, and being taken out and stored somewhere else, on an application that is not managed, they don't have visibility on that. Therefore, with Cloud App Security, the main use case is to identify information about applications that are way beyond their boundaries and to understand what people are accessing them as well as if those applications are safe or not. It's a Shadow IT discovery solution. Apart from that, it's a solution used to protect corporate data from being taken out of those applications and being shared externally with people who are not meant to have those documents or data. It's a solution designed to prevent exfiltration and data filtration of corporate data from those applications to unknown people that may happen without proper visibility. Basically, it's used for two purposes: providing control of the data that is in cloud applications, and shadow IT discovery. That's the major purpose of Cloud App Security.
We use it in our company for threat detection. My company is into manufacturing, and our IT support is within premises. We don't do client services. It is a SaaS solution. It is not supported on-premises. The deployment that we have is purely cloud-based.
MCAS was onboarded for the purpose of detecting shadow IT. As the organization moved towards more SaaS solutions, we wanted to make sure that there is a way to monitor and govern the IT services coming up as shadow IT. We are a very big organization where a lot of services get onboarded, and some of the things may go unnoticed. We wanted to detect the shadow IT software being installed or shadow IT happening within a department or business unit. We also wanted to make sure that the cloud access security broker provides a DLP kind of solution for Office 365. For example, if I am uploading a document with PI data, MCAS should scan and make sure that the right classification is applied. When the right classification is applied, the document gets encrypted, and relevant information protection is applied. If the right classification is not applied, the users are alerted to make sure that they go and remediate the document, task, file, etc. This is how we started with this solution the last year. Going forward, as a strategic solution, we are also looking at using MCAS to govern the Office environment. We have started onboarding solutions like Microsoft Teams, SharePoint Online, OneDrive, and Exchange Online. Our setup is a mixture of on-premises and cloud solutions. At this point in time, the major cloud providers are AWS and Azure, and we also have on-premises products such as Symantec DLP, Doc Scan, etc.
The use case is for getting visibility over cloud applications that our users are consuming, how they consume it, and using the protection which comes with Cloud App Security with that visibility. It provides monitoring and visibility into cloud apps that our users are using and has ;a layer of security wrapped around that. It identifies malicious activity, if it's occurring, and provides overall protection of our company data from things like data exfiltration and all the other integrations that it has with other Microsoft security products. It is protecting approximately 800 users. We have four other sources feeding into it from other products that we use. We have several thousand applications for which we get reports and visibility. It is one of our core tools for monitoring and managing our security posture. In the future, I don't see that changing much. At this stage, I think we are at a good level of how we are using it.
We are a consulting firm and we configure this service for our clients. Our clients use it for Shadow IT systems and processes. It is used specifically for cloud services, such as services that reside in Microsoft Azure.
We use it to protect our organization's data. It has the ability to create and can copy-paste for the end-user. You can take a screenshot from your mobile devices and download some confidential things. After creating the policy you can be assured that a user's data is being protected We give devices access within a particular device that the user is accessing. We are also certain that there is no chance of scamming or that an email account can be hacked. We also create a password policy. Whenever the end-user wants to download anything or wants to access anything there has to be some security. It secures the customer's data in their organization.
We are a solution provider and this is one of the products that we implement for our customers. Our customers have applications that are running across different clouds or on different platforms. Microsoft Cloud App Security brings them together onto the same platform from a security standpoint. The application can run seamlessly across different clouds, which helps.
We have an educational institution and we are using this solution to personally teach our students these applications.