You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/applications-inventory.md
+6-7Lines changed: 6 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ ms.topic: overview
5
5
description: The new Applications page located under Assets in Microsoft Defender XDR portal provides a centralized location for users to view and manage SaaS and SaaS connected OAuth apps information across their environment, ensuring optimal visibility and a comprehensive experience
6
6
#customer intent: As a security administrator, I want to discover, monitor, and manage all SaaS and OAuth connected apps in my organization so that I can ensure security and compliance.
7
7
---
8
-
# Applications inventory (Preview)
8
+
# Applications inventory
9
9
10
10
Protecting your SaaS ecosystem requires taking inventory of all SaaS and connected OAuth apps that are in your environment. With the increasing number of applications, having a comprehensive inventory is crucial to ensure security and compliance. The Applications page provides a centralized view of all SaaS and connected OAuth apps in your organization, enabling efficient monitoring and management.
11
11
At a glance you can see information such as app name, risk score, privilege level, publisher information, and other details for easy identification of SaaS and OAuth apps most at risk.
@@ -19,7 +19,7 @@ The Applications page includes the following tabs:
19
19
20
20
In the Defender portal at <https://security.microsoft.com>, go to **Assets** > **Applications**. Or, go directly to the **Applications** page, by clicking on the banner links on the existing Cloud discovery and App governance pages.
21
21
22
-
:::image type="content" source="media/banner-on-cloud-discovery-pages.png" alt-text="Screenshot of the Cloud Discovery page with a banner about the new unified application inventory experience" lightbox="media/banner-on-cloud-discovery-pages.png":::
22
+
:::image type="content" source="media/banner-on-cloud-discovery-pages.png" alt-text="Screenshot of the Cloud Discovery page with a banner about the new unified application inventory experience." lightbox="media/banner-on-cloud-discovery-pages.png":::
23
23
24
24
:::image type="content" source="media/banner-message-on-app-governance-pages.png" alt-text="Screenshot of the App Governance page with a banner about the new unified application inventory experience for managing OAuth and SaaS apps" lightbox="media/banner-message-on-app-governance-pages.png":::
25
25
@@ -31,7 +31,7 @@ There are several options you can choose from to customize the SaaS apps and OAu
31
31
* Apply filters
32
32
33
33
> [!NOTE]
34
-
>When exporting the applications list to a CSV file, a maximum of 1000 SaaS or OAuth apps are displayed.
34
+
>When exporting the applications list to a CSV file, a maximum of 1000 SaaS or OAuth apps are displayed.
35
35
36
36
The following image depicts the SaaS apps list:
37
37
:::image type="content" source="media/applications-tab-in-the-defender-portal.png" alt-text="Screenshot of the applications tab in the Defender portal" lightbox="media/applications-tab-in-the-defender-portal.png"
@@ -71,7 +71,7 @@ The OAuth apps tab provides visibility into Microsoft 365, Google workspace and
71
71
72
72
***Apps from external unverified publishers** – Shows apps that originated from an external unverified publisher tenant. (Available for Microsoft 365)
73
73
74
-
For more information on how to create app policies, see:[Create app policies in app governance](app-governance-app-policies-create.md)
74
+
For more information on how to create app policies, see[Create app policies in app governance](app-governance-app-policies-create.md).
75
75
76
76
The following image depicts the OAuth apps list:
77
77
@@ -97,8 +97,7 @@ You can apply the following filters to get a more focused view:
97
97
|**Privilege level**| The app's privilege level. |
98
98
|**Certification**| Indicates if an app meets stringent security and compliance standards set by Microsoft 365 or if its publisher has publicly attested to its safety. |
99
99
|**Sensitivity label accessed**| Sensitivity labels on content accessed by the app |
100
-
| **Service accessed**| Microsoft 365 services accessed by the app
101
-
|
100
+
|**Service accessed**| Microsoft 365 services accessed by the app |
102
101
103
102
104
103
> [!TIP]
@@ -112,4 +111,4 @@ You can apply the following filters to get a more focused view:
112
111
> [!div class="nextstepaction"]
113
112
> [Best practices for protecting your organization](best-practices.md)
114
113
115
-
[!INCLUDE [Open support ticket](includes/support.md)]
114
+
[!INCLUDE [Open support ticket](includes/support.md)]
Copy file name to clipboardExpand all lines: defender-office-365/office-365-ti.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -104,8 +104,10 @@ Microsoft Defender for Office 365 uses role-based access control. Permissions ar
104
104
|Use the Microsoft Defender Vulnerability Management dashboard <br/><br/> View information about recent or current threats|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
105
105
|Use [Explorer (and real-time detections)](threat-explorer-real-time-detections-about.md) to analyze threats|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
106
106
|View Incidents (also referred to as Investigations) <br/><br/> Add email messages to an incident|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
107
-
|Trigger email actions in an incident <br/><br/> Find and delete suspicious email messages|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator** plus the **Search and Purge** role</li></ul> <br/> The **Global Administrator**<sup>\*</sup> and **Security Administrator** roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <br/><br/> The **Search and Purge** role must be assigned in the **Email & collaboration roles** in the Microsoft 36 Defender portal (<https://security.microsoft.com>).|
107
+
|Trigger email actions in an incident <br/><br/> Find and delete suspicious email messages|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator** plus the **Search and Purge** role</li></ul> <br/> The **Global Administrator**<sup>\*</sup> and **Security Administrator** roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <br/><br/> The **Search and Purge** role must be assigned in the **Email & collaboration roles** in the Microsoft 365 Defender portal (<https://security.microsoft.com>).|
108
108
|Integrate Microsoft Defender for Office 365 Plan 2 with Microsoft Defender for Endpoint <br/><br/> Integrate Microsoft Defender for Office 365 Plan 2 with a SIEM server|Either the **Global Administrator**<sup>\*</sup> or the **Security Administrator** role assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <br/><br/> --- **plus** --- <br/><br/> An appropriate role assigned in additional applications (such as [Microsoft Defender Security Center](/windows/security/threat-protection/microsoft-defender-atp/user-roles) or your SIEM server).|
109
+
|View email preview/download .eml of Quarantined emails (view/download only Quarantined emails)|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
110
+
|View email preview/download .eml of ANY email in Explorer|One of the following: <ul><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
109
111
110
112
> [!IMPORTANT]
111
113
> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
0 commit comments