You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/accounts.md
+17-6Lines changed: 17 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,12 +4,23 @@ description: This article provides information about reviewing accounts from you
4
4
ms.date: 01/29/2023
5
5
ms.topic: how-to
6
6
---
7
-
# Accounts
7
+
# Cloud Application Accounts
8
8
9
9
10
10
11
11
Microsoft Defender for Cloud Apps gives you visibility into the accounts from your connected apps. After you connect Defender for Cloud Apps to an app using the App connector, Defender for Cloud Apps reads account information associated with connected apps. The Accounts page enables you to investigate those accounts, permissions, the groups they're members of, their aliases, and the apps they're using. Additionally, when Defender for Cloud Apps detects a new account that wasn't previously seen in one of the connected apps - for example, in activities or file sharing - the account is added to the accounts list of that app. This enables you to have visibility into the activity of external users interacting with your cloud apps.
12
12
13
+
## Identity Inventory (Preview)
14
+
15
+
> [!NOTE]
16
+
> The Identities page is in the process of merging into the unified **Identity Inventory (Preview)**.
17
+
>
18
+
> The **Identity inventory** provides a centralized view of all identities in your organization, enabling you to monitor and manage them efficiently. At a glance, you can see key details such as Domain, Tags, Type, and other attributes, helping you quickly identify and manage identities that require attention.
19
+
>
20
+
> The functionality of the Identities page, as presented below, will be provided in the new Identity Inventory under the "**Cloud application accounts**" tab, offering the same features as it does today. For more details, visit the [Identity Inventory documentation](/defender-for-identity/identity-inventory).
21
+
>
22
+
## Identities
23
+
13
24
Admins can search for a specific user's metadata or user's activity. The **Identities** page provides you with comprehensive details about the entities that are pulled from connected cloud applications. It also provides the user's activity history and security alerts related to the user.
14
25
15
26
The **Identities** page can be [filtered](#identities-filters) to enable you to find specific accounts and to deep dive into different types of accounts, for example, you can filter for all External accounts that haven't been accessed since last year.
@@ -25,15 +36,15 @@ The **Identities** page enables you to easily investigate your accounts, includi
25
36
* You can see which apps are accessed by each account and which apps are deleted for specific accounts
26
37
27
38
28
-
29
-
## Identities filters
39
+
40
+
###Identities filters
30
41
31
42
Following is a list of the account filters that can be applied. Most filters support multiple values as well as NOT, in order to provide you with a powerful tool for policy creation.
32
43
33
44
***Affiliation**: The affiliation is either **Internal** or **External**. To set which users and accounts are internal, under **Settings** make sure to set the **IP address range** of your internal organization. If the account has admin permissions the icon in the Accounts table appears with the addition of the red tie:
***App**: You can filter for any API connected app being used by accounts in your organization.
38
49
***Domain**: This enables you to filter for users in specific domains.
39
50
***Groups**: Enables you to filter for members of user groups in Defender for Cloud Apps - both built-in user groups and imported user groups.
@@ -45,13 +56,13 @@ Following is a list of the account filters that can be applied. Most filters sup
45
56
***Type**: This enables you to filter to either the user or the account type.
46
57
***User name**: Enables you to filter specific users.
47
58
48
-
## Governance actions
59
+
###Governance actions
49
60
50
61
From the **Users and account** page, you can take governance actions such as suspending an app or going to the account settings page. For a full list of governance actions, see the [governance log](governance-actions.md).
51
62
52
63
For example, if you identify a user that is compromised, you can apply the **Confirm user compromised** action to set the user risk level to high, causing the relevant policy actions defined in Microsoft Entra ID to be enforced. The action can be applied manually or using relevant [policies that support governance actions](governance-actions.md).
53
64
54
-
### To manually apply a user or account governance action
65
+
####To manually apply a user or account governance action
55
66
56
67
From the **Users and account** page, on the row where the relevant user or account appears, choose the three dots at the end of the row, then select **Confirm user compromised**.
0 commit comments