You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/api-tokens-legacy.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,15 +8,15 @@ ms.topic: reference
8
8
9
9
10
10
11
-
In order to access the Defender for Cloud Apps API, you have to create an API token and use it in your software to connect to the API. This token will be included in the header when Defender for Cloud Apps makes API requests.
11
+
In order to access the Defender for Cloud Apps API, you have to create an API token and use it in your software to connect to the API. This token is included in the header when Defender for Cloud Apps makes API requests.
12
12
13
13
The API tokens tab enables you to help you manage all the API tokens of your tenant.
14
14
15
15
## Generate a token
16
16
17
17
1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **System**, select **API tokens**.
18
18
19
-
1. Select the **Add token** and provide a name to identify the token in the future, and select **Generate**.
19
+
1. Select **Add token** and provide a name to identify the token in the future, and select **Generate**.
20
20
21
21
22
22
@@ -46,7 +46,7 @@ After a token is revoked, it's removed from the table, and the software that was
46
46
47
47
> [!NOTE]
48
48
>
49
-
> - SIEM connectors and log collectors also use API tokens. These tokens should be managed from the log collectors and SIEM agent sections and do not appear in this table.
50
-
> - Deprovisioned users API tokens are retained in Defender for Cloud Apps but cannot be used. Any attempt to use them will result in a permission denied response. However, we recommend that such tokens are revoked on the **API tokens** page.
49
+
> - SIEM connectors and log collectors also use API tokens. These tokens should be managed from the log collectors and SIEM agent sections and don't appear in this table.
50
+
> - Deprovisioned users API tokens are retained in Defender for Cloud Apps but can't be used. Any attempt to use them will result in a permission denied response. However, we recommend that such tokens are revoked on the **API tokens** page.
51
51
52
52
[!INCLUDE [Open support ticket](includes/support.md)]
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/azip-integration.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ ms.topic: how-to
6
6
---
7
7
# Integrate with Microsoft Purview for information protection
8
8
9
-
Microsoft Defender for Cloud Apps lets you automatically apply sensitivity labels from Microsoft Purview. These labels are applied to files as a file policy governance action, and depending on the label configuration, can apply encryption for additional protection. You can also investigate files by filtering for the applied sensitivity label within the Defender for Cloud Apps. Using labels enables greater visibility and control of your sensitive data in the cloud. Integrating Microsoft Purview with Defender for Cloud Apps is as easy as selecting a single checkbox.
9
+
Microsoft Defender for Cloud Apps lets you automatically apply sensitivity labels from Microsoft Purview. These labels are applied to files as a file policy governance action, and depending on the label configuration, can apply encryption for additional protection. You can also investigate files by filtering for the applied sensitivity label within Defender for Cloud Apps. Using labels enables greater visibility and control of your sensitive data in the cloud. Integrating Microsoft Purview with Defender for Cloud Apps is as easy as selecting a single checkbox.
10
10
11
11
By integrating Microsoft Purview into Defender for Cloud Apps, you can use the full power of both services and secure files in your cloud, including:
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/ems-cloud-app-security-govt-service-byok-troubleshoot.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,19 +11,19 @@ ms.topic: conceptual
11
11
This article provides a list of problems that can prevent Defender for Cloud Apps from accessing your Azure Key Vault key used to encrypt collected data at rest.
12
12
13
13
> [!IMPORTANT]
14
-
> If there is a problem accessing your Azure Key Vault key, Defender for Cloud Apps will fail to encrypt your data and your tenant will be lock down within an hour. When your tenant is locked down, all access to it will be blocked until the cause has been resolved. Once your key is accessible again, full access to your tenant will be restored
14
+
> If there's a problem accessing your Azure Key Vault key, Defender for Cloud Apps will fail to encrypt your data, and your tenant will be locked down within an hour. When your tenant is locked down, all access to it will be blocked until the cause has been resolved. Once your key is accessible again, full access to your tenant will be restored
15
15
16
16
## Troubleshooting
17
17
18
18
The following table lists the possible scenarios that can cause data encryption to fail and the actions you can take to resolve them:
19
19
20
20
| Scenario | Actions |
21
21
| --- | --- |
22
-
| <aname="missing-kv-key-permissions"></a>**Missing Key Vault or key permissions**| In the selected Key Vault, under access policy, make sure that the following key permissions are selected:<br />Under **Key management operations**<br />- List<br />Under **Cryptographic operations**<br />- Wrap key<br />- Unwrap key<br /><br />For the selected key, make sure you are using an RSA encryption and that the following operations are permitted:<br />- Wrap key<br />- Unwrap key<br /> |
22
+
| <aname="missing-kv-key-permissions"></a>**Missing Key Vault or key permissions**| In the selected Key Vault, under access policy, make sure that the following key permissions are selected:<br />Under **Key management operations**<br />- List<br />Under **Cryptographic operations**<br />- Wrap key<br />- Unwrap key<br /><br />For the selected key, make sure you're using an RSA encryption and that the following operations are permitted:<br />- Wrap key<br />- Unwrap key<br /> |
23
23
| <aname="firewall-block"></a>**Azure Key Vault firewall blocking access to key**| In the selected Key Vault, make sure that the firewall is configured with the following IP addresses:<br />- 13.66.200.132<br />- 23.100.71.251<br />- 40.78.82.214<br />- 51.105.4.145<br />- 52.166.166.111 |
24
24
| <aname="key-not-enabled"></a>**Encryption key is not enabled**| In the selected key's settings, make sure that the key is enabled.<br />|
25
25
| <aname="key-not-active"></a>**Encryption key is not active**| In the selected key's settings, make sure that the activation date and time is prior to the current date and time.<br />|
26
-
| <aname="key-expired"></a>**Encryption key has expired**| In the selected key's settings, make sure that the expiration date and time has not passed.<br />|
26
+
| <aname="key-expired"></a>**Encryption key has expired**| In the selected key's settings, make sure that the expiration date and time hasn't passed.<br />|
27
27
| <aname="key-not-found"></a>**Encryption key not found or deleted**| Verify that the selected key exists in your Key Vault. If key was deleted, recover and enable it again. If the key was moved to another Key Vault, move it back to the selected Key Vault. |
28
28
29
29
If you run into any problems, we're here to help. To get assistance or support for your product issue, please [open a support ticket](./support-and-ts.md).
0 commit comments