Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

As an IT admin today, you're stuck between a rock and a hard place. You want to enable your employees to be productive. That means allowing employees to access apps so they can work at any time, from any device. However, you want to protect the company's assets including proprietary and privileged information. How can you enable employees to access your cloud apps while protecting your data? This tutorial allows you to reevaluate Azure AD Conditional Access policies when users take sensitive actions during a session.

The threat

An employee logged in to SharePoint Online from the corporate office. During the same session, their IP address registered outside of the corporate network. Maybe they went to the coffee shop downstairs, or maybe their token was compromised or stolen by a malicious attacker.

Protect your organization by requiring Azure AD Conditional Access policies to be reassessed during sensitive session actions using the Defender for Cloud Apps Conditional Access App Control.

Prerequisites

A valid license for Azure AD Premium P1
Configure a cloud app for SSO using one of the following authentication protocols: IdP
Make sure the app is deployed to Defender for Cloud Apps

Create a policy to enforce step-up authentication

Defender for Cloud Apps session policies allow you to restrict a session based on device state. To accomplish control of a session using its device as a condition, create both a conditional access policy and a session policy.

Step 1: Configure your IdP to work with Defender for Cloud Apps

Make sure you've configured your IdP solution to work with Defender for Cloud Apps, as follows:

For Azure AD Conditional Access, see Configure integration with Azure AD
For other IdP solutions, see Configure integration with other IdP solutions

After completing this task, go to the Defender for Cloud Apps portal and create a session policy to monitor and control file downloads in the session.

In the Microsoft 365 Defender portal, under Cloud Apps, go to Policies -> Policy management.
In the Policies page, select Create policy followed by Session policy.
In the Create session policy page, give your policy a name and description. For example, Require step-up authentication on downloads from SharePoint Online from unmanaged devices.
For the Session control type, select Block activities, Control file upload (with inspection), Control file download (with inspection).
Under Activity source in the Activities matching all the following section, select the filters:
Device tag: Select Does not equal, and then select Intune compliant, Hybrid Azure AD joined, or Valid client certificate. Your selection depends on the method used in your organization for identifying managed devices.
Users: Select the users you want to monitor.
Under Activity source in the Files matching all of the following section, set the following filters:
Sensitivity labels: If you use sensitivity labels from Microsoft Purview Information Protection, filter the files based on a specific Microsoft Purview Information Protection sensitivity label.
Select File name or File type to apply restrictions based on file name or type.
Enable Content inspection to enable the internal DLP to scan your files for sensitive content.
Under Actions, select Require step-up authentication. This requires authentication context to be created in Azure AD.
Set the alerts you want to receive when the policy is matched. You can set a limit so that you don't receive too many alerts. Select whether to get the alerts as an email message.

To simulate this policy, sign in to the app from an unmanaged device or a non-corporate network location. You should be required to perform the action configured in the authentication context policy.