This webinar covered Microsoft Defender for Cloud Apps and provided resources for further information. The presentation included a demonstration of Defender for Cloud Apps and its capabilities for monitoring cloud app usage, investigating risks and suspicious activity, and assessing app security. It also announced an upcoming Microsoft 365 update and provided various news links and documentation about Microsoft cloud products and services. Attendees were encouraged to join the CIAOPS patron program for additional training resources.

1. Need to Know Microsoft 365
Webinar
April 2023
@directorcia
http://about.me/ciaops

2. Web cast has started
Web cast is being recorded
If you can’t hear anything check
your speaker settings

3. For questions after the event:
Email : director@ciaops.com
Twitter : @directorcia

5. Webinar recordings at:
www.ciaopsacademy.com
Free access for CIAOPS patrons

6. Please:
- Turn off your mobile
- Turn off your email
- Have somewhere to
take notes

7. Agenda
-Microsoft 365 Update
-Defender for Cloud Apps
-Q & A

9. News
• Phone Link for iOS is now rolling out to all Windows 11 customers
• https://blogs.windows.com/windowsexperience/2023/04/26/phone-link-for-ios-is-now-rolling-out-to-all-windows-11-
customers/
• Introducing cloud.microsoft: a unified domain for Microsoft 365 apps and
services
• https://techcommunity.microsoft.com/t5/microsoft-365-blog/introducing-cloud-microsoft-a-unified-domain-for-
microsoft-365/ba-p/3804961
• New settings in Microsoft Intune to enhance Windows Defender Firewall
management
• https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-in-microsoft-intune-to-enhance-
windows-defender/ba-p/3803857
• What’s new in Microsoft Intune - 2304 (April) edition
• https://techcommunity.microsoft.com/t5/microsoft-intune-blog/what-s-new-in-microsoft-intune-2304-april-
edition/ba-p/3802437
• Microsoft results - https://www.microsoft.com/en-us/investor/earnings/fy-2023-q3/press-release-webcast

10. Defender for
Cloud Apps

11. USER
Anonymous user behavior
Unfamiliar sign-in location
ATTACKER
Phishing attack
User account
is compromised
#
Attacker attempts
lateral movement
Attacker
accesses
sensitive data
Privileged
account
compromised
Anonymous user behavior
Lateral movement attacks
Escalation of privileges
Account impersonation
Data exfiltration
Attacker steals
sensitive data
Cloud data &
SaaS apps
Zero-day /
brute-force attack

14. What is Defender for Cloud Apps?

15. Malicious Insider
Protect against disgruntled
employees before they cause
damage
Ransomware
Identify ransomware using
sophisticated behavioral analytics
technology
Rogue Application
Identify rouge applications that
access your data
Compromised Accounts
Combat advanced attackers that leverage
compromise user credentials
Malware
Detect malware in cloud
storage as soon as it’s
uploaded
Data exfiltration
Detect unusual flow of data outside of
your organization

16. Microsoft Cloud App Security
licensing datasheet -
https://aka.ms/mcaslicensing

17. Unusual file share activity
Unusual file download
Unusual file deletion activity
Ransomware activity
Data exfiltration to unsanctioned apps
Activity by a terminated employee
Indicators of a
compromised session
Malicious use of
an end-user account
Suspicious inbox rules (delete, forward)
Malware implanted in cloud apps
Malicious OAuth application
Multiple failed login attempts to app
Threat delivery
and persistence
!
!
!
Unusual impersonated activity
Unusual administrative activity
Unusual multiple delete VM activity
Malicious use of
a privileged user
Activity from suspicious IP addresses
Activity from anonymous IP addresses
Activity from an infrequent country
Impossible travel between sessions
Logon attempt from a suspicious user agent

18. Advanced incident investigation tools
Investigate on users, file, activities, locations
and managed apps, quantify exposure and risk
Cloud data visibility
Identify how data – both classified and not
classified – is shared across cloud apps and
identify risk
Cloud app risk assessment
Assess risk cloud apps based on ~60 security
and compliance risk factors.
On-going analytics & anomaly detection
Get anomalous usage alerts, new app and
trending apps alerts
MONITOR CLOUD APP USAGE

19. DEMO

20. Resources
• Microsoft Cloud App Security Explained -
https://www.youtube.com/watch?v=jffUGPvmc8A
• Microsoft Defender for Cloud Apps overview -
https://learn.microsoft.com/en-us/defender-cloud-apps/what-is-defender-
for-cloud-apps
• Investigate cloud app risks and suspicious activity –
https://learn.microsoft.com/en-us/defender-cloud-apps/investigate
• Microsoft Defender for Cloud Apps Security: Overview –
https://www.youtube.com/watch?v=iAs_Jn4dkVY
• Get started with Microsoft Defender for Cloud Apps -
https://learn.microsoft.com/en-us/defender-cloud-apps/get-started
• Manage OAuth apps - https://learn.microsoft.com/en-us/defender-cloud-
apps/manage-app-permissions

21. CIAOPS Resources
• Blog – http://blog.ciaops.com
• Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops
• Free documents, presentations, eBooks – http://slideshare.net/directorcia
• Office 365, Azure, Cloud podcast – http://ciaops.podbean.com
• Office 365, Azure online training courses – http://www.ciaopsacademy.com
• Office 365 and Azure community – http://www.ciaopspatron.com
• CIAOPS Github – https://github.com/directorcia
Twitter
@directorcia
Facebook
https://www.facebook.com/ciaops
Email
director@ciaops.com
Skype for Business
admin@ciaops365.com

22. Get access to the latest
information by becoming a
Patron
http://www.ciaopspatron.com

24. That’s all folks!
Thanks for attending