What Defender for Cloud Apps does
Defender for Cloud Apps consolidates visibility and control across SaaS applications, including those used without formal IT approval (shadow IT). It achieves this by analysing network traffic logs from firewalls and proxies, providing a comprehensive view of application usage. The platform also offers granular control over application access, data loss prevention capabilities for SaaS services, and tools to assess OAuth application risks. This allows organisations to move beyond simply identifying risky apps to actively mitigating those risks.
Defender for Cloud Apps in Australian tenants today
For AU mid-market organisations, a common rollout pattern involves initial discovery to identify shadow IT. Following this, prioritising the hardening of the top 20 SaaS applications using API connectors is recommended. Layering Microsoft Entra ID Conditional Access App Control is crucial for managing access from unmanaged devices, aligning with the ACSC Essential Eight’s focus on limiting data access. Consideration should be given to APRA CPS 234 requirements around third-party risk management and the OAIC’s Privacy Act 2024 guidance on data security when configuring policies.