Slack API connector is now in general availability For more information, see Integrate Cloud App Security with Open Systems.Ĭloud App Security release 209, 210, and 211 We've added native integration with Open Systems providing you with Shadow IT visibility into app use and control over app access. New Shadow IT integration with Open Systems For more information, see Connect Smartsheet and Connect OneLogin. You can now connect Microsoft Cloud App Security to Smartsheet and to OneLogin to monitor and protect users and activities. Smartsheet and OneLogin API connectors are now in general availability. Smartsheet and OneLogin API connectors are now in general availability For more information, see Activity from suspicious IP addresses. This new alert will be generated by the existing Activity from suspicious IP addresses policy.
It alerts about users that were victims of password spray campaigns and managed to access your cloud applications from those malicious IPs. This detection compares IP addresses performing successful activities in your cloud applications to IP addresses identified by Microsoft’s threat intelligence sources as recently performing password spray attacks. New detection: Activity from password-spray associated IP addresses For more information, see Unusual ISP for an OAuth app. The detection can indicate that an attacker has compromised the app and is using it for malicious activity. The new detection is now available out-of-the-box and automatically enabled. We've extended our anomaly detections to include suspicious addition of privileged credentials to an OAuth app. New anomaly detection: Unusual ISP for an OAuth app For more information, see Behavioral analytics and anomaly detection. Mass failed login alert will still be applied if there are anomalous high amount of failed login attempts on a user. From now on, they'll only be triggered by successful login cases and not by unsuccessful logins or attack attempts. Impossible travel, activity from infrequent countries/regions, activity from anonymous IP addresses, and activity from suspicious IP addresses alerts will not apply on failed logins.Īfter a thorough security review, we decided to separate failed login handling from the alerts mentioned above. For more information, see Connect NetDocuments to Microsoft Defender for Cloud Apps. You can now connect Microsoft Defender for Cloud Apps to NetDocuments to monitor and protect users and activities. NetDocuments app connector available in public previewĪ new app connector for NetDocuments is available in public preview.For more information, see How Cloud App Security helps protect your NetDocumentsĭefender for Cloud Apps release 214 and 215 The NetDocuments API connector is in general availability, giving you more visibility into, and control over, how your NetDocument app is used in your organization. NetDocuments API connector is now in general availability For more information, see the Microsoft 365 Defender Tech Community blog post. Non-Microsoft apps activities are now included the CloudAppEvent table in Microsoft 365 Defender advanced hunting. Non-Microsoft activities in advanced hunting For more information, see Connect Atlassian to Microsoft Defender for Cloud Apps (Preview).ĭefender for Cloud Apps release 216 and 217 You can now connect Microsoft Defender for Cloud Apps to Atlassian to monitor and protect users and activities. Atlassian app connector available in public previewĪ new app connector for Atlassian is available in public preview.
To install it, see Configure automatic log upload for continuous reports.ĭefender for Cloud Apps release 218 and 219 The Cloud Discovery log collector has been updated to Ubuntu 20.04. For more information, see Connect Egnyte to Microsoft Defender for Cloud Apps (Preview).