[CF1] shadow IT update

deadlypants1973 · deadlypants1973 · commit 6225ebce4318 · 2025-08-13T13:32:47.000+01:00
diff --git a/src/content/docs/cloudflare-one/applications/app-library.mdx b/src/content/docs/cloudflare-one/applications/app-library.mdx
@@ -42,14 +42,4 @@ The Shadow IT Discovery dashboard will provide more details for discovered appli
 
 ## Review applications
 
-To organize applications into their approval status for your organization, you can mark them as **Unreviewed** (default), **In review**, **Approved**, and **Unapproved**. The App Library synchronizes application review statuses with [approval statuses](/cloudflare-one/insights/analytics/shadow-it-discovery/#approval-status) from Shadow IT Discovery.
-
-<Render file="approval-status-block" />
-
-To set the status of an application:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **My team** > **App Library**.
-2. Locate the card for the application.
-3. In the three-dot menu, select the option to mark your desired status.
-
-Once you mark the status of an application, its badge will change. You can filter applications by their status to review each application in the list for your organization.
+<Render file="app-library-review-apps" />
diff --git a/src/content/docs/cloudflare-one/insights/analytics/shadow-it-discovery.mdx b/src/content/docs/cloudflare-one/insights/analytics/shadow-it-discovery.mdx
@@ -1,100 +1,86 @@
 ---
 pcx_content_type: reference
-title: Shadow IT Discovery
+title: Shadow IT SaaS analytics
 sidebar:
   order: 5
 ---
 
 import { Render } from "~/components";
 
-Shadow IT Discovery provides visibility into the SaaS applications and private network origins your users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.
+Shadow IT SaaS analytics provides visibility into the SaaS applications your users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.
 
-To view Shadow IT Discovery in [Zero Trust](https://one.dash.cloudflare.com), go to **Analytics**, then select **Shadow IT Discovery**.
+To view Shadow IT SaaS analytics:
 
-## Turn on Shadow IT Discovery
+1. Log into [Zero Trust](https://one.dash.cloudflare.com).
+2. Go to **Analytics** > **Dashboards**.
+3. Select **Shadow IT: SaaS analytics**.
 
-To allow Zero Trust to discover shadow IT in your traffic:
+## Prerequisites
 
-- Turn on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/) for HTTP and network traffic.
-- Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) to inspect HTTPS traffic.
-- Ensure any network traffic you want to inspect is not routed around Gateway by a [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).
+To allow Cloudflare to discover shadow IT in your traffic, you must set up [HTTP filtering](/cloudflare-one/policies/gateway/initial-setup/http/).
 
-## SaaS applications
+## How to use Shadow IT SaaS analytics
 
-For an overview of SaaS applications your users have visited, go to **Analytics** > **Access** > **SaaS**. This tab displays the following information:
+### 1. Mark applications
 
-- **Unique application users**: Chart showing the number of different users who accessed SaaS applications over time.
-- **Top approved applications**: SaaS applications marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
-- **Top unapproved applications**: SaaS applications marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
-- **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
-- **Logins**: Chart showing the number of logins for an individual Access application over time.
-- **Top applications accessed**: Access applications with the greatest number of logins.
-- **Top connected users**: Users who logged in to the greatest number of Access applications.
+The first step in using the Shadow IT SaaS analytics dashboard is to [review applications in the Application Library](/cloudflare-one/applications/app-library/#review-applications).
 
-### Review discovered applications
+<Render file="app-library-review-apps" />
 
-You can view a list of all discovered SaaS applications and mark them as approved or unapproved. To review an application:
+### 2. Monitor usage
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Analytics**, then select **Shadow IT Discovery**
-2. Go to **SaaS**.
-3. In the **Unique application users** chart, select **Review all**. The table displays the following fields:
+Review the Shadow IT SaaS analytics dashboard for application usage. Filter the view based on:
 
-| Field            | Description                                                                                                                  |
-| ---------------- | ---------------------------------------------------------------------------------------------------------------------------- |
-| Application      | SaaS application's name and logo.                                                                                            |
-| Application type | [Application type](/cloudflare-one/policies/gateway/application-app-types/#app-types) assigned by Cloudflare Zero Trust.     |
-| Status           | Application's [approval status](#approval-status).                                                                           |
-| Secured          | Whether the application is currently secured behind Cloudflare Access.                                                       |
-| Users            | Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page. |
+	Field | Description |
+	| - | - |
+	| Application | SaaS application's name and logo. |
+	| Application type | [Application type](/cloudflare-one/policies/gateway/application-app-types/#app-types) assigned by Cloudflare Zero Trust. |
+	| Status | Application's [approval status](#approval-status). |
+	| Secured | Whether the application is currently secured behind Cloudflare Access. |
+	| Users | Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page. |
 
-3. Select a specific application to view details.
-4. Assign a new [approval status](#approval-status) according to your organization's preferences.
+To manage application statuses in bulk, select **Set Application Statuses** to review applications your users commonly visit and update their approval statuses.
 
-The application's status will now be updated across charts and visualizations on the **SaaS** tab. You can block unapproved applications by creating a [Gateway policy](/cloudflare-one/policies/gateway/).
+### 3. Create policies
 
-## Private network origins
+After marking applications, you can create [HTTP policies](/cloudflare-one/policies/gateway/http-policies/) using the application statuses. You can create HTTP policies based on the `Application Review Status` in [**Zero Trust**](https://one.dash.cloudflare.com) > **Firewall policies** > **HTTP**.
 
-To see an overview of the private network origins your users have visited, go to **Analytics** > **Access** > **Private Network**. This tab displays the following information:
+For example, you can create policies that:
+* Block access to all `Unapproved` applications.
+* Launch all `In Review` applications in an isolated browser.
+* Limit file upload capabilities for specific application statuses.
 
-- **Unique origin users**: Chart showing the number of different users accessing your private network over time.
-- **Top approved origins**: Origins marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
-- **Top unapproved origins**: Origins marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
-- **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
-- **Logins**: Chart showing the number of logins for an individual Access application over time.
-- **Top applications accessed**: Access applications with the greatest number of logins.
-- **Top connected users**: Users who logged in to the greatest number of Access applications.
+## Available insights
 
-### Review discovered origins
+The Shadow IT SaaS analytics dashboard includes several insights to help you monitor and manage SaaS application usage.
 
-You can view a list of all discovered origins and mark them as approved or unapproved. To review a private network origin:
+* **Number of applications by status:** A breakdown of how many applications have been categorized into the following statuses:
+    * `Unreviewed` (default status for every new application)
+    * `In Review`
+    * `Approved`
+    * `Unapproved`
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Analytics**, then select **Shadow IT Discovery**
-2. Go to **Private Network**.
-3. In the **Unique origin users** chart, select **Review all**. The discovered origins that appear on this page are defined by unique combinations of IP address, port, and protocol.
+		The list of applications is available in the [App Library](/cloudflare-one/applications/app-library/).
 
-| Field      | Description                                                                                                             |
-| ---------- | ----------------------------------------------------------------------------------------------------------------------- |
-| IP address | Origin's internal IP address in your private network.                                                                   |
-| Port       | Port used to connect to the origin.                                                                                     |
-| Protocol   | Protocol used to connect to the origin.                                                                                 |
-| Hostname   | Hostname used to access the origin.                                                                                     |
-| Status     | Origin's [approval status](#approval-status)                                                                            |
-| Users      | Number of users who connected to the origin over the period of time specified on the Shadow IT Discovery overview page. |
+* **Data transferred per application status:** A time-series graph showing the amount of data (in gigabytes) transferred to an application in the given [status](#approval-status).
 
-3. Select a specific origin to view details.
-4. Assign a new [approval status](#approval-status) according to your organization's preferences.
+* **User count per application status:** A time-series graph showing the number of users who have interacted with at least one application in a given status. For example, a user can use an `Approved` application shortly followed by an `In Review` application, contributing to counts for both of those statuses.
 
-The origin's status will now be updated across charts and visualizations on the **Private Network** tab. You can block unapproved origins by creating a [Gateway policy](/cloudflare-one/policies/gateway/).
+* **Top-N metrics:** A collection of metrics providing insights into top applications, users, devices, and countries.
 
 ## Approval status
 
-Within Shadow IT Discovery, applications are labeled according to their status. The default status for a discovered application is **Unreviewed**. Your organization can determine the status of each application and change their status at any time.
+Within the Shadow IT SaaS analytics dashboard, applications are labeled according to their status. The default status for a discovered application is **Unreviewed**. Your organization can determine the status of each application and change their status at any time.
 
-<Render file="approval-status-block" />
+:::note
 
-| Status     | Description                                                                                            |
-| ---------- | ------------------------------------------------------------------------------------------------------ |
-| Approved   | Applications that have been marked as sanctioned by your organization.                                 |
-| Unapproved | Applications that have been marked as unsanctioned by your organization.                               |
-| In review  | Applications in the process of being reviewed by your organization.                                    |
-| Unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |
+Approval status does not impact a user's ability to access the application. Users are allowed or blocked according to your [Access](/cloudflare-one/policies/access/) and [Gateway policies](/cloudflare-one/policies/gateway/).
+
+:::
+
+| Status | Description |
+| - | - |
+| Approved | Applications that have been marked as sanctioned by your organization. |
+| Unapproved | Applications that have been marked as unsanctioned by your organization. |
+| In review | Applications in the process of being reviewed by your organization. |
+| Unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |
diff --git a/src/content/partials/cloudflare-one/app-library-review-apps.mdx b/src/content/partials/cloudflare-one/app-library-review-apps.mdx
@@ -0,0 +1,17 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+To organize applications into their approval status for your organization, you can mark them as **Unreviewed** (default), **In review**, **Approved**, and **Unapproved**. The App Library synchronizes application review statuses with [approval statuses](/cloudflare-one/insights/analytics/shadow-it-discovery/#approval-status) from the Shadow IT SaaS analytics dashboard.
+
+<Render file="approval-status-block" />
+
+To set the status of an application:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **My team** > **App Library**.
+2. Locate the card for the application.
+3. In the three-dot menu, select the option to mark your desired status.
+
+Once you mark the status of an application, its badge will change. You can filter applications by their status to review each application in the list for your organization.
