You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-for-cloud-apps/create-snapshot-cloud-discovery-reports.md
+6-4Lines changed: 6 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Create snapshot cloud discovery reports
3
3
description: This article provides information about how to upload logs manually to create a snapshot report of your cloud discovery apps.
4
-
ms.date: 01/29/2023
4
+
ms.date: 10/20/2025
5
5
ms.topic: how-to
6
6
ms.reviewer: Mravela
7
7
---
@@ -61,6 +61,7 @@ To create a snapshot report:
61
61
62
62
Cloud discovery uses the data in your traffic logs. The more detailed your log, the better visibility you get. Cloud discovery requires web-traffic data with the following attributes:
63
63
64
+
64
65
- Date of the transaction
65
66
- Source IP
66
67
- Source user - highly recommended
@@ -77,9 +78,10 @@ Therefore, these attributes won't be shown in cloud discovery data for these log
77
78
To successfully generate a cloud discovery report, your traffic logs must meet the following conditions:
78
79
79
80
1.[Data source is supported](set-up-cloud-discovery.md#supported-firewalls-and-proxies).
80
-
2. Log format matches the expected standard format (format checked upon upload by the Log tool).
81
-
3. Events aren't more than 90 days old.
82
-
4. The log file is valid and includes outbound traffic information.
81
+
1. Log format matches the expected standard format (format checked upon upload by the Log tool).
82
+
1. Events aren't more than 90 days old.
83
+
1. The log file is valid and includes outbound traffic information.
84
+
1. Configure the appliance to forward only traffic logs. Including unrelated logs in the configuration can inflate the ingested traffic volume.
Copy file name to clipboardExpand all lines: defender-for-cloud-apps/real-time-agent-protection-during-runtime.md
+8-10Lines changed: 8 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,17 +63,15 @@ The following steps describe the Security Administrator’s required actions to
63
63
> [!IMPORTANT]
64
64
> If the Microsoft 365 connector isn’t properly connected, real-time agent protection during runtime continues to block suspicious activity on the AI agent. Alerts and incidents related to these actions won't show in the Microsoft Defender portal.
65
65
66
-
1. Make sure to collaborate with the following administrators:
66
+
1. Enter the App ID provided by your Power Platform administrator and select **Save**.
67
+
:::image type="content" source="media/protect-agents-real-time/turn-on-real-time-agent-protection.png" alt-text="Screenshot that shows how to turn on Real time agent protection during runtime in the Defender portal." lightbox="media/protect-agents-real-time/turn-on-real-time-agent-protection.png":::
67
68
68
-
- The **Microsoft Entra Administrator** needs to create [a Microsoft Entra ID application](/microsoft-copilot-studio/external-security-provider#step-1-configure-microsoft-entra-application) and configure a Federated Identity Credential (FIC) using the URL provided in the Microsoft Defender portal. For more information, see: [Authorize the Microsoft Entra application with your provider of choice](/microsoft-copilot-studio/external-security-provider#authorize-the-microsoft-entra-application-with-your-provider-of-choice).
69
-
70
-
- The **Power Platform Administrator** needs to enter the Application ID and URL in the Power Platform settings page. For more information, see: [Enable external threat detection and protection for Copilot Studio custom agents](/microsoft-copilot-studio/external-security-provider#step-2-configure-the-threat-detection-system).
71
-
1. Enter the App ID provided by your Power Platform administrator. The Application (client) ID, uniquely identifies your application and is used in your application's code as part of validating the security tokens it receives from the Microsoft identity platform.
72
-
1. Select **Save**.
73
-
1. Copy the URL provided.
74
-
1. Share the URL with the Power Platform administrator.
75
-
76
-
:::image type="content" source="media/protect-agents-real-time/turn-on-real-time-agent-protection.png" alt-text="Screenshot that shows how to turn on Real time agent protection during runtime in the Defender portal." lightbox="media/protect-agents-real-time/turn-on-real-time-agent-protection.png":::
69
+
> [!IMPORTANT]
70
+
> - Completing the onboarding process requires collaboration with a Power Platform administrator. The onboarding instructions on the Power Platform side are specified here: [Enable external threat detection and protection for Copilot Studio custom agents](/microsoft-copilot-studio/external-security-provider#step-2-configure-the-threat-detection-system).
71
+
> - The application ID that the Power Platform administrator needs to provide is this [Microsoft Entra ID application](/microsoft-copilot-studio/external-security-provider#step-1-configure-microsoft-entra-application).
72
+
> - To allow the Power Platform administrator to complete the onboarding steps, share the URL provided in the Defender portal with them.
73
+
74
+
1. No further action is needed on your part. Once the Power Platform administrator completes the onboarding steps on their side, you’ll see a green **Connected** status.
Copy file name to clipboardExpand all lines: defender-for-identity/deploy/activate-sensor.md
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,9 +18,8 @@ See [Microsoft Defender for Identity sensor v3.x prerequisites](prerequisites-se
18
18
The **Activation** page displays all servers from your device inventory. Defender for Identity detects all of your servers and their configuration. The server's activation state lets you know what you need to do to onboard the domain controller to Defender for Identity.
19
19
20
20
You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, by selecting specific domain controllers from the list of eligible servers.
21
-
22
-
23
-
[](media/activate-sensor/1.png#lightbox)
21
+
22
+
[](media/activate-sensor/blog.png#lightbox)
24
23
25
24
|Activation State |Next steps |
26
25
|---------|---------|
@@ -44,8 +43,8 @@ The process for activating the sensor depends on your configuration.
44
43
45
44
46
45
1. When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers**. This takes you to the **Sensors** page, where you can check your sensor health.
47
-
48
-
[](media/activate-sensor/image1.png#lightbox)
46
+
47
+
[](media/activate-sensor/activated-sensor.png#lightbox)
0 commit comments