Microsoft Defender for Cloud Apps

What i like most about Microsoft Defender for Cloud Apps is that it doesn't miss a bit. It offers robust shadow IT discovery, which help uncover unsanctioned apps before they become unseen risks and offer realtime monitoring that give me full visibility into everything happening across our cloud environment. The built in data loss protection features help in identifying sensitive information and protecting proprietary product formulations and customer data from unauthorized access and exfiltration. Defender for Cloud isnot just your ordinary tool, but it provides us with a multilayered solution that combines CASB, DLP, SSPM, threat detection and app control into one platform, which is ideal for keeping our SaaS environment secure and compliant. I also appreciate that it integrates seamlessly with our other Microsoft security products and manufacturing infrastructure, allowing us to consolidate alerts from cloud apps and signals from emails, endpoints and identities into a comprehensive view of security threats. Lastly the automated threat detection and remediation function is impeccable. It uses machine learning to detect anomalies across our systems and automatically revokes access, require authentication or trigger alerts for our IT team .

All the features and abilities to control Shadow IT, Inventories and security controls are fantastic.

Conditional Access (CA) policy engine integration. This is a huge benefit as it helps to cover some gaps in CA (e.g. Some apps are not supported by CA, but supported by MDCA). It can also help to address separate needs for more granular controls which are not possible in CA.

Microsoft Defender for Cloud Apps is complex to integrate since it doesn't plugin effortlessly to specialized manufacturing tools. There is also a steep learning curve on the onset due to its wide range of powerful features that requires time to fully understand and configure to fit the unique needs of manufacturing operations.

Portal is not always 100% accurate - would appreciate more support in the configuration and best practice guidance tailored to my organisation

1) Integration has a lot of room for improvement. Initially, MDCA was a 3rd party product that was acquired by Microsoft some years ago, and unfortunately, it seems that integration is still not fully done. Good example here - Entra ID groups cannot be used directly, but must be synced into MDCA. This makes policy configuration very difficult, because you cannot rely on user group membership as it can be out of sync. 2) MDCA uses connectors to get insights and be able to take actions in other SaaS applications. Problem here is that some very popular SaaS applications still don't have connectors. There is no clear road-map - what is planned, which connectors are on the way, which will be improved, which are not planned. It is difficult to make long-term plans. 3) Integration with Microsoft Purview solution could be improved. Purview is a main data protection solution from Microsoft, it uses sensitivity labels to provide data protection (including encryption) capabilities. Support for such labelling in MDCA policy is limited. For example, it is not possible to make some simple policies that can track actions users do against labelled content (those could be done in a different way, but it is expected to see more things like that in MDCA).