This webinar covered Microsoft Defender for Cloud Apps and provided resources for further information. The presentation included a demonstration of Defender for Cloud Apps and its capabilities for monitoring cloud app usage, investigating risks and suspicious activity, and assessing app security. It also announced an upcoming Microsoft 365 update and provided various news links and documentation about Microsoft cloud products and services. Attendees were encouraged to join the CIAOPS patron program for additional training resources.
9. News
• Phone Link for iOS is now rolling out to all Windows 11 customers
• https://blogs.windows.com/windowsexperience/2023/04/26/phone-link-for-ios-is-now-rolling-out-to-all-windows-11-customers/
• Introducing cloud.microsoft: a unified domain for Microsoft 365 apps and services
• https://techcommunity.microsoft.com/t5/microsoft-365-blog/introducing-cloud-microsoft-a-unified-domain-for-microsoft-365/ba-p/3804961
• New settings in Microsoft Intune to enhance Windows Defender Firewall management
• https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-in-microsoft-intune-to-enhance-windows-defender/ba-p/3803857
• What’s new in Microsoft Intune - 2304 (April) edition
• https://techcommunity.microsoft.com/t5/microsoft-intune-blog/what-s-new-in-microsoft-intune-2304-april-edition/ba-p/3802437
• Microsoft results - https://www.microsoft.com/en-us/investor/earnings/fy-2023-q3/press-release-webcast
11. [Diagram: attack chain]
• USER: Anonymous user behavior; Unfamiliar sign-in location
• ATTACKER: Phishing attack; Zero-day / brute-force attack
• Stages: User account is compromised; Attacker attempts lateral movement; Privileged account compromised; Attacker accesses sensitive data; Attacker steals sensitive data
• Target: Cloud data & SaaS apps
• Detections: Anonymous user behavior; Lateral movement attacks; Escalation of privileges; Account impersonation; Data exfiltration
15.
• Malicious Insider: Protect against disgruntled employees before they cause damage
• Ransomware: Identify ransomware using sophisticated behavioral analytics technology
• Rogue Application: Identify rogue applications that access your data
• Compromised Accounts: Combat advanced attackers that leverage compromised user credentials
• Malware: Detect malware in cloud storage as soon as it’s uploaded
• Data exfiltration: Detect unusual flow of data outside of your organization
16. Microsoft Cloud App Security licensing datasheet - https://aka.ms/mcaslicensing
17. [Diagram: detections, with four category labels]
Category labels:
• Indicators of a compromised session
• Malicious use of an end-user account
• Threat delivery and persistence
• Malicious use of a privileged user
Detections:
• Unusual file share activity
• Unusual file download
• Unusual file deletion activity
• Ransomware activity
• Data exfiltration to unsanctioned apps
• Activity by a terminated employee
• Suspicious inbox rules (delete, forward)
• Malware implanted in cloud apps
• Malicious OAuth application
• Multiple failed login attempts to app
• Unusual impersonated activity
• Unusual administrative activity
• Unusual multiple delete VM activity
• Activity from suspicious IP addresses
• Activity from anonymous IP addresses
• Activity from an infrequent country
• Impossible travel between sessions
• Logon attempt from a suspicious user agent
18.
• Advanced incident investigation tools: Investigate users, files, activities, locations and managed apps; quantify exposure and risk
• Cloud data visibility: Identify how data, both classified and not classified, is shared across cloud apps and identify risk
• Cloud app risk assessment: Assess the risk of cloud apps based on ~60 security and compliance risk factors
• On-going analytics & anomaly detection: Get anomalous usage alerts, plus new app and trending app alerts
MONITOR CLOUD APP USAGE