Description:
Defender for Cloud Apps is automatically integrated when Defender CSPM is turned on. There is no separate setting to enable. Turning on Defender CSPM ensures that cloud app alerts and data appear in Microsoft Defender for Cloud.
Rationale:
Turning on Defender CSPM automatically includes Defender for Cloud Apps data, which helps detect risky cloud app activity and improves overall security monitoring without needing extra configuration.
Impact:
Enabling Defender CSPM may increase the number of cloud app alerts and security findings, but it provides better visibility and protection for cloud application activity.
Default Value:
By default, Defender CSPM is turned off, so the automatic integration with Defender for Cloud Apps is not active until it is enabled.
Pre-requisites:
The user must have the Owner, Contributor, or Security Admin role on the subscription.
The subscription must have an active Defender CSPM plan available to enable.
Test Plan:
Open the Azure Portal https://portal.azure.com
In the portal, search for Microsoft Defender for Cloud.
Under Management, go to Environment settings and select the subscription.
Open Defender plans.
Under Cloud Security Posture Management (CSPM), verify that Defender CSPM is turned on.
If Defender CSPM is enabled, the integration with Defender for Cloud Apps is active.
If it is off, follow the implementation plan.
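The Test Plan above as a scripted check across several subscriptions (an added example, not part of the original control text). It assumes the Defender CSPM plan is exposed as the `CloudPosture` pricing resource, with a `pricingTier` of `Standard` meaning on, in the shape returned by `az security pricing show --name CloudPosture`; the records and subscription ids are constructed placeholders.

```python
import json

PLAN = "CloudPosture"  # assumed resource name of the Defender CSPM plan

# Constructed sample records (placeholder subscription ids), shaped like the
# output of `az security pricing show --name CloudPosture`.
SAMPLE = json.loads("""
[
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000001/providers/Microsoft.Security/pricings/CloudPosture",
   "name": "CloudPosture", "pricingTier": "Standard"},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000002/providers/Microsoft.Security/pricings/CloudPosture",
   "name": "CloudPosture", "pricingTier": "Free"},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000003/providers/Microsoft.Security/pricings/VirtualMachines",
   "name": "VirtualMachines", "pricingTier": "Standard"}
]
""")


def subscription_of(resource_id):
    """Extract the subscription id from an ARM resource id (case-insensitive)."""
    parts = resource_id.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    raise ValueError(f"not a subscription-scoped resource id: {resource_id!r}")


def audit_cspm(records, expected_subscriptions):
    """Return {subscription: (passed, reason)} for every expected subscription."""
    # A subscription with no CloudPosture record fails rather than being skipped.
    results = {s.lower(): (False, "no CloudPosture record returned")
               for s in expected_subscriptions}
    for rec in records:
        if rec.get("name", "").lower() != PLAN.lower():
            continue  # another Defender plan; not what this control tests
        sub = subscription_of(rec["id"])
        tier = rec.get("pricingTier", "")
        if tier.lower() == "standard":
            results[sub] = (True, "Defender CSPM is on")
        else:
            results[sub] = (False, f"pricingTier is {tier or 'missing'}")
    return results


if __name__ == "__main__":
    subs = ["00000000-0000-0000-0000-00000000000%d" % i for i in (1, 2, 3)]
    for sub, (ok, why) in audit_cspm(SAMPLE, subs).items():
        print("PASS" if ok else "FAIL", sub, why)
```

A subscription that fails here is handled by the Implementation Plan.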
Implementation Plan:
Open the Azure Portal https://portal.azure.com
In the portal, search for Microsoft Defender for Cloud.
Under Management, go to Environment settings and select the subscription.
Under Cloud Security Posture Management (CSPM), turn ON Defender CSPM.
Click Save to apply the changes.
Backout Plan:
Open the Azure Portal https://portal.azure.com
In the portal, search for Microsoft Defender for Cloud.
Under Management, go to Environment settings and select the subscription.
Open Defender plans.
Under Cloud Security Posture Management (CSPM), turn OFF Defender CSPM.
Click Save to apply the changes.
Reference:


