Defender for Cloud Apps (MDA) is such a hidden gem. When talking with Microsoft 365 E5 customers, it’s amazing how few of them really grab MDA and squeeze all they can out of it. It’s often classified as a cloud access security broker (CASB) but that’s an oversimplication: the product can do so much more such as SaaS security posture management (SSPM) and, most topical in light of recent events, OAuth app governance.
This blog is part of a series on common Microsoft 365 security mistakes. View the previous blogs here: remember to add any extra blogs
- Conditional Access – Common Microsoft 365 Security Mistakes Series
- Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series
- Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series
- Microsoft Defender Vulnerability Management – Common Microsoft 365 Security Mistakes Series
- Entra ID Protection – Common Microsoft 365 Security Mistakes Series
Only using MDE for continuous cloud discovery
text
Not connecting your SaaS/IaaS as connected apps
text
Not adjusting policies based on false positive noise
text
Not leveraging advanced hunting integration
text
Poorly defined session policies
text
Conclusion
text