Merge branch 'main' of https://github.com/MicrosoftDocs/CloudAppSecurityDocs-pr into two-defender-for-cloud-apps-articles

ShawnJackson · ShawnJackson · commit 79e05a84a962 · 2024-09-23T10:57:52.000-05:00
diff --git a/CloudAppSecurityDocs/enable-instant-visibility-protection-and-governance-actions-for-your-apps.md b/CloudAppSecurityDocs/enable-instant-visibility-protection-and-governance-actions-for-your-apps.md
@@ -1,7 +1,7 @@
 ---
 title: Connect apps to get visibility and control 
 description: This article describes the process for connecting apps with API connectors to apps in your organization's cloud.
-ms.date: 02/20/2023
+ms.date: 05/06/2024
 ms.topic: how-to
 ---
 
@@ -69,6 +69,7 @@ The following tables list, per cloud app, which abilities are supported with App
 | [Google  Workspace](protect-google-workspace.md) | ✔                                    | ✔                                    | ✔                                    | ✔                                    | ✔ - requires Google Business or  Enterprise | ✔                         |
 | [Microsoft 365](protect-office-365.md)        | ✔                                    | ✔                                    | ✔                                    | ✔                                    | ✔                                           | ✔                         |
 | [Miro](protect-miro.md)  | ✔ |  |  | ✔ | ✔| |
+| [Mural](protect-mural.md)  | ✔ |  |  | ✔ | ✔| |
 | [NetDocuments](protect-netdocuments.md)  | ✔ |  | ✔ |  | ✔ | ✔ |
 | [Okta](protect-okta.md)              | ✔                                    |                                      | Not supported by provider            | ✔                                    | ✔                                           | ✔                         |
 | [OneLogin](protect-onelogin.md) | ✔ | | ✔ | ✔ | ✔ | ✔ |
@@ -100,6 +101,7 @@ The following tables list, per cloud app, which abilities are supported with App
 | [Google  Workspace](protect-google-workspace.md) | ✔                                    | ✔                         | ✔                         |✔|
 | [Microsoft 365](protect-office-365.md)      | ✔                                    | ✔                         | ✔                         | ✔                 |
 | [Miro](protect-miro.md)  |  |  |  |  |
+| [Mural](protect-mural.md)  |  |  |  |  |
 | [NetDocuments](protect-netdocuments.md)  |  |  |  | Preview |
 | [Okta](protect-okta.md)              |                                      | Not applicable            | Not applicable            | ✔|
 |  [OneLogin](protect-onelogin.md) | |  |  |  |
@@ -131,6 +133,7 @@ The following tables list, per cloud app, which abilities are supported with App
 | [Google  Workspace](protect-google-workspace.md) | ✔                         | ✔ - requires Google Business  Enterprise | ✔                         | ✔                         | ✔                                          |
 | [Okta](protect-okta.md)               | Not applicable            | Not applicable                           | Not applicable            | Not applicable            | Not applicable                             |
 | [Miro](protect-miro.md)   |  |  |  |  |  |
+| [Mural](protect-mural.md)   |  |  |  |  |  |
 | [NetDocuments](protect-netdocuments.md)  |  |  |  |  |  |
 | [Okta](protect-okta.md)               | Not applicable            | Not applicable                           | Not applicable            | Not applicable            | Not applicable                             |
 | [OneLogin](protect-onelogin.md) |  |  |  |  |  |
diff --git a/CloudAppSecurityDocs/policy-template-reference.md b/CloudAppSecurityDocs/policy-template-reference.md
@@ -17,8 +17,6 @@ For the full list of templates, check the Microsoft Defender Portal.
 
 |Risk category|Template name|Description|
 |-----|----|----|
-|Cloud discovery|Anomalous behavior in discovered users|Alert when anomalous behavior is detected in discovered users and apps, such as: large amounts of uploaded data compared to other users, large user transactions compared to the user's history.|
-|Cloud discovery|Anomalous behavior of discovered IP addresses|Alerts when anomalous behavior is detected in discovered IP addresses and apps, such as: large amounts of uploaded data compared to other IP addresses, large app transactions compared to the IP address's history.|
 |Cloud discovery|Collaboration app compliance check|Alert when new collaboration apps are discovered that aren't compliant with SOC2 and SSAE 16, and are used by more than 50 users with a total daily use of more than 50 MB.|
 |Cloud discovery|Cloud storage app compliance check|Alert when new cloud storage apps are discovered that aren't compliant with SOC2, SSAE 16, ISAE 3402 and PCI DSS, and are used by more than 50 users with total daily use of more than 50 MB.|
 |Cloud discovery|CRM app compliance check|Alert when new CRM apps are discovered that aren't compliant with SOC2, SSAE 16, ISAE 3402, ISO 27001 and HIPAA, and are used by more than 50 users with a total daily use of more than 50 MB.|
diff --git a/CloudAppSecurityDocs/protect-mural.md b/CloudAppSecurityDocs/protect-mural.md
@@ -0,0 +1,72 @@
+---
+title: Protect your Mural environment | Microsoft Defender for Cloud Apps
+description: This article provides information about the benefits of connecting your Mural app to Defender for Cloud Apps using the API connector for visibility and control over use.
+ms.date: 05/06/2024
+ms.topic: how-to
+---
+
+# Protect your Mural environment (Preview)
+
+Mural is an online workspace that enables distributed, cross-functional teams organize and collaborate on projects. Mural holds critical data of your organization, and this makes it a target for malicious actors.
+
+Connecting Mural to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection using machine learning based anomaly detections.
+
+## Main threats
+
+- Compromised accounts and insider threats
+- Data leakage
+- Insufficient security awareness
+- Unmanaged bring your own device (BYOD)
+
+## How Defender for Cloud Apps helps to protect your environment
+
+- [Detect cloud threats, compromised accounts, and malicious insiders](best-practices.md#detect-cloud-threats-compromised-accounts-malicious-insiders-and-ransomware)
+- [Use the audit trail of activities for forensic investigations](best-practices.md#use-the-audit-trail-of-activities-for-forensic-investigations)
+
+## Control Mural with policies
+
+| **Type**                           | **Name**                                                     |
+| ---------------------------------- | ------------------------------------------------------------ |
+| **Built-in  anomaly detection policy** | [Activity from   anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses)  <br /> [Activity from   infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country) <br /> [Activity from   suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses)  <br /> [Impossible travel](anomaly-detection-policy.md#impossible-travel)  <br /> [Activity   performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP)   <br />[Multiple failed   login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts)  <br /> |
+| **Activity  policy**                   | Built a customized policy by using the [Mural Audit Log API](https://support.mural.co/s/article/audit-logs).  |
+
+<!--check xrefs -->
+For more information about creating policies, see [Create a policy](control-cloud-apps-with-policies.md#create-a-policy).
+
+## Automate governance controls
+
+In addition to monitoring for potential threats, you can apply and automate the following Mural governance actions to remediate detected threats:
+
+| **Type**        | **Action**                                                   |
+| --------------- | ------------------------------------------------------------ |
+| **User governance** | Notify user on  alert (via Microsoft Entra ID)<br />  Require user to sign in again (via Microsoft Entra ID)   <br /> Suspend user (via Microsoft Entra ID) |
+
+For more information about remediating threats from apps, see [Governing connected apps](governance-actions.md).
+
+## Connect Mural to Microsoft Defender for Cloud Apps
+
+This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Mural account using the App Connector APIs. This connection gives you visibility into and control over Mural usage. 
+
+**Prerequisites**:
+
+- A Mural enterprise account is a pre-requisite for this connection. You must be signed-in as an admin to Mural.
+
+**To connect Mural to Defender for Cloud Apps**:
+
+1.	Sign into your [Mural](https://app.mural.co/) account and select your account icon > **Manage Company > Development > API keys > Create API key**.
+1.	Select all checkboxes and then select **Create API Key** and then **Copy Key**.
+1.	In the Microsoft Defender portal, select **Settings > Cloud Apps > Connected Apps > App Connectors > Connect an app > Mural**.
+1.	In the connection wizard, enter your instance name, and then select **Next**.
+1.	Paste the API key you'd copied from the Mural portal and then select **Submit**.
+
+Once the connection is successfully established, Defender for Cloud Apps starts fetching Mural audit logs. Since Mural's API logs are delayed by 48 hours, the audit log ingestion to Defender for Cloud Apps is similarly delayed.
+
+If you have any problems connecting the app, see [Troubleshooting App Connectors](/defender-cloud-apps/troubleshooting-api-connectors-using-error-messages).
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Control cloud apps with policies](control-cloud-apps-with-policies.md)
+
+
+[!INCLUDE [Open support ticket](includes/support.md)]
diff --git a/CloudAppSecurityDocs/release-notes.md b/CloudAppSecurityDocs/release-notes.md
@@ -19,8 +19,19 @@ For more information on what's new with other Microsoft Defender security produc
 
 For news about earlier releases, see [Archive of past updates for Microsoft Defender for Cloud Apps](release-note-archive.md).
 
+
 ## September 2024
 
+### Connect Mural to Defender for Cloud Apps (Preview)
+
+Defender for Cloud Apps now supports connections to [Mural](https://www.mural.co/) accounts using app connector APIs, giving your visibility into and control over your organization's Mural use.
+
+For more information, see:
+
+- [How Defender for Cloud Apps helps protect your Mural environment](protect-mural.md)
+- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
+- [Mural Help Center](https://support.mural.co/s/)
+
 ### Removing the ability to email end users about blocked actions
 
 Effective October 1st, 2024, we will discontinue the feature that notifies end users via email when their action is blocked by session policies.
diff --git a/CloudAppSecurityDocs/session-policy-aad.md b/CloudAppSecurityDocs/session-policy-aad.md
@@ -36,7 +36,7 @@ Before you start, make sure that you have the following prerequisites:
     - [Onboard non-Microsoft IdP catalog apps for Conditional Access app control](proxy-deployment-featured-idp.md)
     - [Onboard non-Microsoft IdP custom apps for Conditional Access app control](proxy-deployment-any-app-idp.md)
 
-In order for your access policy to work, you must also have a Microsoft Entra ID Conditional Access policy, which creates the permissions to control traffic.
+In order for your session policy to work, you must also have a Microsoft Entra ID Conditional Access policy, which creates the permissions to control traffic.
 
 [!INCLUDE [entra-conditional-access-policy](includes/entra-conditional-access-policy.md)]
 
@@ -49,7 +49,7 @@ This procedure describes how to create a new session policy in Defender for Clou
 1. Select **Create policy** > **Session policy**. For example:
 
     ![Screenshot of the Create a Conditional Access policy page.](media/create-policy-from-conditional-access-tab.png)
-
+   
 1. On the **Create session policy** page, start by either selecting a template from the **Policy template** dropdown, or by entering all details manually.
 
 1. <a name="type"></a>Enter the following basic information for your policy. If you're using a template, much of the content is already filled in for you.
@@ -177,16 +177,16 @@ To export Cloud discovery logs from the cloud discovery dashboard:
 1. Above the table, select the export button. For example:
 
     ![Screenshot of the export button.](media/export-button.png)
-
-
+   
+   
 1. Select the range of the report and select **Export**. This process may take some time.
 
 1. To download the exported log after the report is ready, in the Microsoft Defender Portal go to **Reports** -> **Cloud Apps** and then **Exported reports**.
 
 1. In the table, select the relevant report from the list of **Conditional Access App Control traffic logs** and select **Download**. For example:
 
     ![Screenshot of the download button.](media/download-button.png)
-
+   
 ## Supported activities for session policies
 
 The following sections provide more details about each activity supported by Defender for Cloud Apps session policies.
diff --git a/CloudAppSecurityDocs/toc.yml b/CloudAppSecurityDocs/toc.yml
@@ -125,6 +125,8 @@ items:
         href: protect-office-365.md
       - name: Miro
         href: protect-miro.md
+      - name: Mural
+        href: protect-mural.md
       - name: NetDocuments
         href: protect-netdocuments.md
       - name: Okta
@@ -206,6 +208,7 @@ items:
     - name: Troubleshoot policies
       href: troubleshoot-policies.md
   - name: Configure threat protection
+
     items:
     - name: Detect suspicious user activity with UEBA
       href: tutorial-suspicious-activity.md
