Merge branch 'WI401979-new-oauth-app-table-release-note' of https://github.com/DeCohen/defender-docs-pr into WI401979-new-oauth-app-table-release-note

Author: DeCohen

.openpublishing.redirection.defender-cloud-apps.json

@@ -1004,6 +1004,11 @@
       "source_path": "CloudAppSecurityDocs/file-filters.md",
       "redirect_url": "/defender-cloud-apps/data-protection-policies",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "CloudAppSecurityDocs/troubleshooting-api-connectors-using-error-messages.md",
+      "redirect_url": "/defender-cloud-apps/troubleshooting-api-connectors-errors",
+      "redirect_document_id": true
     }
   ]
 }

CloudAppSecurityDocs/applications-inventory.md

@@ -0,0 +1,115 @@
+---
+title: Application inventory
+ms.date: 03/20/2025
+ms.topic: overview
+description: The new Applications page located under Assets in Microsoft Defender XDR portal provides a centralized location for users to view and manage SaaS and SaaS connected OAuth apps information across their environment, ensuring optimal visibility and a comprehensive experience
+#customer intent: As a security administrator, I want to discover, monitor, and manage all SaaS and OAuth connected apps in my organization so that I can ensure security and compliance.
+---
+# Applications inventory (Preview)
+
+Protecting your SaaS ecosystem requires taking inventory of all SaaS and OAuth connected apps that are in your environment. With the increasing number of applications, having a comprehensive inventory is crucial to ensure security and compliance. The Defender for Cloud apps Applications page provides a centralized view of all SaaS and connected OAuth apps in your organization, enabling efficient monitoring and management.
+At a glance you can see information such as app name, risk score, privilege level, publisher information, and other details for easy identification of SaaS and OAuth apps most at risk.
+
+The Application page includes the following tabs:
+
+* SaaS apps: A consolidated view of all SaaS applications in your network. This tab highlights key details, including app name, status (unprotected/protected app) and whether the app is marked as sanctioned or unsanctioned.
+* OAuth apps: Displays a list of OAuth apps such as Microsoft Entra ID, Google workspace and Salesforce.
+
+## Navigate to the Applications page
+
+In the Defender portal at <https://security.microsoft.com>, go to **Assets** \> **Applications**. Or, to go directly to the **Applications** page, by clicking on the banner links on the existing Cloud discovery and App governance pages.
+
+:::image type="content" source="media/banner-on-cloud-discovery-pages.png" alt-text="Screenshot of the Cloud Discovery page with a banner about the new unified application inventory experience" lightbox="media/banner-on-cloud-discovery-pages.png":::
+
+:::image type="content" source="media/banner-message-on-app-governance-pages.png" alt-text="Screenshot of the App Governance page with a banner about the new unified application inventory experience for managing OAuth and SaaS apps" lightbox="media/banner-message-on-app-governance-pages.png":::
+
+There are several options you can choose from to customize the SaaS apps and OAuth apps list view. In the top navigation panel you can:
+
+* Add or remove columns.
+* Export the entire list in CSV format.
+* Select the number of items to show per page.
+* Apply filters
+
+> [!NOTE]
+>When exporting the applications list to a CSV file, a maximum of 1000 SaaS or OAuth apps are displayed.
+
+The following image depicts the SaaS apps list:
+:::image type="content" source="media/applications-tab-in-the-defender-portal.png" alt-text="Screenshot of the applications tab in the Defender portal" lightbox="media/applications-tab-in-the-defender-portal.png"
+
+
+## SaaS app details
+
+At the top of Saas app tab, you can find actionable insights that allow you to quickly identify apps that need your attention and focus. The following details are displayed:
+
+* **Untagged high risk apps** – Shows apps that aren't tagged and have a high-risk.
+* **Untagged high traffic apps** – Shows apps that aren't tagged and have a high usage traffic (greater than 1 GB of data traffic).
+* **Untagged GenAI apps** – Shows apps that aren't tagged and are Gen-AI based.
+
+## Sort and filter the SaaS apps list
+
+You can use the sort and filter functionality to get a more focused view. These controls also help you assess and manage the SaaS applications in your organization.
+
+|Filter  |Description  |
+|---------|---------|
+|**App tags**     |    Select **Sanctioned**, **Unsanctioned**, or create custom tags to use in a customized filter.  |
+|**App**     |    Filter for specific SaaS apps.     |
+|**Categories**     |  Filter according to app categories.       |
+|**Compliance risk factor**     |   Filter for specific standards, certifications, and compliance your app might comply with. For example: HIPAA, ISO 27001, SOC 2, and PCI-DSS.      |
+| **Risk score**     |  Filter by a specific risk score, such as to view only risky apps.       |
+|**Security risk factor**     |   Filter based on specific security measures, such as encryption at rest, multifactor authentication, and others.
+|
+
+### OAuth Apps
+
+The OAuth apps tab provides visibility into Microsoft 365, Google workspace and Salesforce. Admins can review applications and decide to disable the apps or apply policies to monitor their behavior in their environment.
+
+* **New apps** – Shows apps added in the last 30 days (Available for Microsoft 365)
+
+* **Highly privileged apps** – Shows apps with powerful permissions that allow them to access data or change important settings. (Available for Microsoft 365 and Google)
+
+* **Overprivileged apps** – Shows apps with unused permissions. (Available for Microsoft 365)
+
+* **Apps from external unverified publishers** – Shows apps that originated from an external unverified publisher tenant. (Available for Microsoft 365)
+
+For more information on how to create app policies, see:[Create app policies in app governance](app-governance-app-policies-create.md)
+
+The following image depicts the OAuth apps list:
+
+:::image type="content" source="media/oauth-tab-in-the-applications-page.png" alt-text="Screenshot of a list of OAuth apps in the applications page in the Defender portal" lightbox="media/oauth-tab-in-the-applications-page.png":::
+
+## Sort and filter the OAuth apps list
+
+You can apply the following filters to get a more focused view:
+
+|Column name  |Description  |
+|---------|---------|
+| **App name** | The display name of the app as registered on Microsoft Entra ID. |
+| **App status** | Shows whether the app is enabled or disabled, and if disabled by whom. |
+| **Graph API access**| Shows whether the app has at least one Graph API permission. |
+| **Permission type**| Shows whether the app has application (app only), delegated, or mixed permissions. |
+| **App origin**| Shows whether the app originated within the tenant or was registered in an external tenant. |
+| **Consent type**| Shows whether the app consent has been given at the user or the admin level, and the number of users whose data is accessible to the app. |
+| **Publisher**| Publisher of the app and their verification status. |
+| **Last modified**| Date and time when registration information was last updated on Microsoft Entra ID |
+| **Added on**| Shows the date and time when the app was registered to Microsoft Entra ID and assigned a service principal. |
+| **Permission usage**| Shows whether the app has any unused Graph API permissions in the last 90 days. |
+| **Data usage**| Total data downloaded or uploaded by the app in the last 30 days. |
+| **Privilege level**  | The app's privilege level. |
+| **Certification**| Indicates if an app meets stringent security and compliance standards set by Microsoft 365 or if its publisher has publicly attested to its safety.  |
+| **Sensitivity label accessed**| Sensitivity labels on content accessed by the app  |
+| **Service accessed**| Microsoft 365 services accessed by the app  
+|
+
+
+> [!TIP]
+> To see all columns, you might need to do one or more of the following steps:
+> * Horizontally scroll in your web browser.
+> * Narrow the width of appropriate columns.
+> * Zoom out in your web browser.
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Best practices for protecting your organization](best-practices.md)
+
+[!INCLUDE [Open support ticket](includes/support.md)]

CloudAppSecurityDocs/media/applications-tab-in-the-defender-portal.png

@@ -27,6 +27,14 @@ The [OAuthAppInfo](/defender-xdr/advanced-hunting-oauthappinfo-table) table is n
 
 This table provides details on Microsoft 365-connected OAuth applications that are registered with Microsoft Entra ID and accessible through the Defender for Cloud Apps app governance capability.
 
+### New Applications page in Defender XDR (Preview)
+
+The new Applications page consolidates all SaaS and connected OAuth applications into a single, unified inventory. This centralized view streamlines application discovery, monitoring, and management, providing greater visibility and control across your environment.
+
+The page surfaces key insights such as risk scores, usage patterns, publisher verification status, and privilege levels. These insights help you quickly identify and address high-risk or untagged applications.
+
+For more information, see [Application inventory overview](applications-inventory.md)
+
 ## March 2025
 
 ### Enhanced Identity Inventory (Preview)

CloudAppSecurityDocs/media/banner-message-on-app-governance-pages.png

@@ -118,8 +118,6 @@ items:
         href: protect-zendesk.md
       - name: Zoom
         href: protect-zoom.md
-      - name: Troubleshooting API connectors using error messages
-        href: troubleshooting-api-connectors-using-error-messages.md
 - name: Cloud app discovery
   items:
   - name: Overview
@@ -157,6 +155,8 @@ items:
         href: log-collector-advanced-management.md
       - name: Use the custom log parser
         href: custom-log-parser.md
+      - name: Troubleshooting API connector errors
+        href: troubleshooting-api-connectors-errors.md
     - name: Integrate with Microsoft Defender for Endpoint
       items:
       - name: Overview
@@ -424,6 +424,12 @@ items:
       href: app-activity-threat-hunting.md
   - name: App governance FAQ
     href: app-governance-faq.yml
+- name: Investigate and respond 
+  items:
+    - name: Assets
+      items:
+      - name: Applications inventory
+        href: applications-inventory.md
 - name: Operations guide
   items:
   - name: Operations guide overview

CloudAppSecurityDocs/media/banner-on-cloud-discovery-pages.png

@@ -6,8 +6,6 @@ ms.topic: conceptual
 ---
 # Troubleshooting App Connector errors
 
-
-
 This article provides a list of API App connector error messages and resolution recommendations for each error.
 
 ## Troubleshooting