Quick Links

Integrating with Microsoft Defender for Cloud Apps

Overview

Microsoft Defender for Cloud Apps (formerly Cloud App Security) is a multimode cloud access security broker (CASB) that provides visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all Microsoft cloud services. Blumira integrates with Microsoft Defender for Cloud Apps to stream Microsoft cloud security event logs and alerts to the Blumira service for threat detection and actionable response. 

Note: If you are looking to integrate with other Microsoft products or want to understand how Microsoft Defender for Cloud Apps differs from the other Microsoft integrations, see Getting started with Blumira's Microsoft 365 and Azure log monitoring.

Before you begin

To gather your Cloud Apps token and URL, do the following:

  1. Log in to https://security.microsoft.com.
  2. Navigate to Settings.
  3. Click Cloud Apps.
  4. Click API Tokens.
  5. Click + to add a new token.
  6. Enter a name, such as “Blumira Cloud Connector.”
  7. Copy the token and the URL for use in the Blumira Cloud Connector.

Configuring the MS Cloud Apps Cloud Connector

Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.

To configure the Blumira Cloud Connector:

  1. In the Blumira app, navigate to Settings > Cloud Connectors.
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector you want to add.
  4. In the Cloud Connector Name box, type a name to help identify the specific integration. 
  5. Enter the credentials that you collected in the previous steps.
  6. Click Connect.