Lifecycle management strategy in Defender for Cloud Apps
By using a lifecycle management strategy, you can ensure your configurations, exclusions, and policies for Microsoft Defender for Cloud Apps remain up to date and are reviewed on an established cadence.
Note
Remember to also check What's New in Defender for Cloud Apps to stay current with new features and releases.
To best maintain Defender for Cloud Apps posture, regularly follow the recommendations below:
Role-based access controls
- Review any users that have access to the Defender for Cloud Apps portal and verify role need
- Inventory external users with access to your environment and determine validity
Real-time controls
- Add applications for additional control and visibility
- Remove old user/group exclusions from Conditional Access policy
- Update SAML certificate for third-party identity provider annually
- Verify app onboarding members
Policy management
- Remove unneeded custom policies
- Review new policy templates
- Enhance policy strategy to determine what can be a saved query versus what requires an alert
- Ensure labeling strategy is in line with current Security and Compliance configuration
Discovery
Settings
- Review managed domains
- Verify current IP ranges for Corporate and VPN
- Verify App Tag strategy and add/remove as needed
- Check rights on admin quarantine folder
- Adjust score metrics based on industry best practices
- Review members allowed to view private activities
- Verify integrations are enabled:
Next steps
If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for