Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.
App connectors use app provider APIs to give Microsoft Defender for Cloud Apps more visibility and control over the apps you connect to. The APIs provided by the cloud provider are used by Microsoft Defender for Cloud Apps (MDCA). All communication between Defender for Cloud Apps and connected apps is encrypted using HTTPS. Each service has its own framework and API limitations, such as throttling, API limits, dynamic time-shifting API windows, and so on. Microsoft Defender for Cloud Apps collaborated with the services to optimise API usage and performance. Taking into account the various limitations that services impose on APIs, the Defender for Cloud Apps employs the available capacity. Some operations, such as scanning all files in the tenant, necessitate multiple APIs, so they are spread out over a longer period of time. Expect some policies to last several hours or days.
Support for multiple instances
Defender for Cloud Apps allows multiple instances of the same connected app to run simultaneously. For example, if you have two Salesforce instances (one for sales and one for marketing), you can connect both to Defender for Cloud Apps. To create granular policies and conduct deeper investigations, you can manage the different instances from the same console. This support is only available for API-connected apps, not Cloud Discovered or Proxy-connected apps.
How it operates
Defender for Cloud Apps is installed with system administrator privileges to provide full access to all objects in your environment. The following is the App Connector flow:
- Defender for Cloud Apps scans and saves authentication permissions.
- Defender for Cloud Apps requests the user list. The first time the request is processed, it may take some time for the scan to complete.
- Defender for Cloud Apps scans users, groups, activities, and files on a regular basis after the user request is completed. After the first full scan, all activities will be available.
Connections may take some time to establish depending on the size of the tenant, the number of users, and the size and number of files to be scanned. API connection enables the following items, depending on the app to which you’re connecting:
- Access to users, accounts, profile information, status (suspended, active, disabled), groups, and privileges.
- The audit trail provides visibility into user, admin, and sign-in activities.
- Account management entails the ability to suspend users, revoke passwords, and so on.
- Permissions for apps – View issued tokens and their permissions.
- Token removal capability in app permission governance.
- Data scan – Scanning of unstructured data on a regular basis (every 12 hours) and in real time (triggered each time a change is detected).
- Data governance entails the ability to quarantine files, including those in the trash, as well as overwrite files.
Professional Labs is the best cloud managed service provider in UAE; for more information, please contact us.
Contact Us | Professional labs (prolabsit.com)