Microsoft Defender for Cloud Apps (MCDA) is Microsoft's product offering helping companies to monitor and protect their SaaS app data.
Our integration allows you to fetch discovery data directly from MCDA to uncover SaaS usage across your organisation.
Capabilities
β
SaaS Discovery | Synchronises discovered SaaS apps from Microsoft Defender for Cloud Apps (browser-based apps only) |
β SaaS App Usage | Fetches information about which specific users have used each app, in 7-day intervals |
Prerequisites
A company-wide Microsoft license that includes Defender for Cloud Apps
Defender for Cloud Apps must be configured to receive data from Defender for Endpoint or another supported log collector
Setup Guide
Go to Integrations in Viio
Find Microsoft Defender for Cloud Apps in the list (or click this direct link)
Click the Authorise button
In the new window that opens, log into Microsoft, and grant the needed permissions (remember to login using an Admin account)
After successfully granting the permissions, the validation section will become green
Lastly, give your integration as suitable name. Naming is used for display purposes to easily identify the integration as a data source elsewhere in Viio.
You're all set!
You can monitor the health of your connector here.
Technical Details
Endpoints
This integration queries the following endpoints:
GET /users
GET /beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams
GET /beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams/{streamId}/microsoft.graph.security.aggregatedAppsDetails(period=duration'P90D')
GET /beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams/{streamId}/microsoft.graph.security.aggregatedAppsDetails(period=duration'P7D')/{appId}/users
Scopes & Permissions
This integrations needs the following permissions:
CloudApp-Discovery.Read.All
User.Read
User.ReadBasic.All
discovery.read
investigation.read
Notes and Remarks
Note that Defender for Cloud apps will provide information to Viio on all Saas applications used in your organisation according to Microsoft and Viio will mark these with the label for source "External Discovery Engine"
The Viio Platform will not do any addtional processing on this data nor will in any way alter it.
Please also note that nor Defender for Cloud apps nor the Viio Browser Extension can cover Desktop applications, in order to track usage on such you will need to install the Viio Desktop Agent.