Overview
Microsoft Defender for Cloud Apps (formerly Cloud App Security) is a multimode cloud access security broker (CASB) that provides visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all Microsoft cloud services. Blumira integrates with Microsoft Defender for Cloud Apps to stream Microsoft cloud security event logs and alerts to the Blumira service for threat detection and actionable response.
Before you begin
If you have not previously configured Microsoft Defender for Cloud Apps in your Microsoft 365 tenant, please see Microsoft’s Get Started Guide for initial setup instructions.
To gather your Cloud Apps token and URL, do the following:
- Log in to https://security.microsoft.com.
- Navigate to System > Settings.
- Click Cloud Apps.
- Click API Tokens.
- Click + to add a new token.
- Enter a name, such as “Blumira Cloud Connector.”
- Copy the token and the URL for use in the Blumira Cloud Connector.
Note: The API token generated for Defender for Cloud Apps is linked to the user that generated it. If the user is removed from the Microsoft 365 tenant or has roles removed, the token will be invalidated.
Configuring the MS Cloud Apps Cloud Connector
To configure the Blumira Cloud Connector and begin logging, do the following:
- In Blumira, navigate to Ingestion > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, select the connector you want to add.
- In Cloud Connector Name, type a name that will help you identify the integration.
- In the remaining fields, enter the credentials you gathered in the previous steps.
- Click Connect.