
Enhancing Security with Microsoft Defender for Cloud Apps' New In-Browser Protection

Microsoft has introduced a new in-browser protection feature for Microsoft Defender for Cloud Apps. This update is designed to strengthen security by offering real-time monitoring and control over user activities in sanctioned and unsanctioned cloud applications. Leveraging deep integration with Microsoft Edge and Google Chrome, this feature enables organizations to enforce data protection policies directly within the browser. It helps to mitigate risks associated with data exfiltration, shadow IT, and compliance violations by providing granular control over file uploads, downloads, and clipboard actions.

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps is a robust security solution designed to enhance protection across various cloud environments. According to Microsoft, this tool offers extensive visibility, control over data traffic, and advanced analytics to detect and mitigate cyber threats across all cloud services. By integrating seamlessly with multiple cloud platforms, it helps businesses enforce security policies effectively and safeguard sensitive information.

This solution stands out with its ability to identify unusual activities early and respond appropriately, ensuring a higher level of security and compliance. Its deep analytical capabilities make it an essential tool for any organization looking to protect its cloud infrastructure from evolving cyber threats.

https://learn.microsoft.com/de-de/defender-cloud-apps/what-is-defender-for-cloud-apps

In-Browser Protection

In-browser protection restricts app access, monitors activities such as downloads, uploads, copying, cutting and printing, and restricts them where necessary, based on the user's risk profile. This increases security in SaaS applications.

According to Microsoft, the “new way to manage secure session access for SaaS apps” makes proxies superfluous. Because the session policies are applied directly in the browser, this also improves security. Thanks to the integration in Edge, the process runs smoothly without added latency or app compatibility problems, which improves the productivity of individual users.

Once the session policies have been configured in Microsoft Defender, they are applied directly to the browser.

The following lock icon indicates whether the policy is in effect:

If you click on it, Microsoft Defender for Cloud Apps is listed as the active protection:

The session policy takes effect, for example, when an attempt is made to download credit card information from a SharePoint site. In that case, the following screenshot is displayed:

https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/defender-for-cloud-apps-delivers-new-in-browser-protection/ba-p/4129857

In-Browser Protection Configuration

Please note that you must first create a conditional access policy that applies Defender for Cloud Apps session control, and then perform the following steps to configure in-browser protection:

1. Open Microsoft Defender for XDR - Cloud Apps - Policies - Policy management

2. Select the Conditional access tab

3. Click on Create policy and select Session policy

4. Select a policy template and a name for the session policy, an example of this would be “Block Download of Sensitive Documents in Box for Marketing Users”

5. There are several options to choose from under “Session control type”. Depending on the selection, the following setting options vary. Select the desired settings.

5.1. Monitor only

5.2. Block activities

5.3. Control file download (with inspection)

5.4. Control file upload (with inspection) - This differs from the “Control file download (with inspection)” option only in the “Action” area
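The prerequisite noted before the steps, a conditional access policy that hands the session to Defender for Cloud Apps, can be checked against an export of the tenant's conditional access policies. The following Python is an added example, not code from the original post or from Microsoft; it reads the JSON shape returned by Microsoft Graph's conditional access policies endpoint and reports which enforced policies route a given app to session control. The sample policies and the app id are constructed, and the check ignores exclusions and user scoping for brevity.

```python
import json

# Constructed sample in the shape returned by
# GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
# Only the fields this check reads are included; names and values are made up.
SAMPLE_POLICIES = json.loads("""
{"value": [
  {"displayName": "Route Office 365 sessions to Defender for Cloud Apps",
   "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["Office365"]}},
   "sessionControls": {"cloudAppSecurity":
       {"isEnabled": true, "cloudAppSecurityType": "mcasConfigured"}}},
  {"displayName": "Report-only pilot",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"applications": {"includeApplications": ["All"]}},
   "sessionControls": {"cloudAppSecurity":
       {"isEnabled": true, "cloudAppSecurityType": "monitorOnly"}}},
  {"displayName": "Require MFA for admins",
   "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["All"]}},
   "sessionControls": null}
]}
""")


def routes_to_session_control(policy):
    """True if the policy is enforced (not disabled or report-only) and sends the
    session to Defender for Cloud Apps with the custom-policy option
    (cloudAppSecurityType 'mcasConfigured'), which session policies rely on."""
    if policy.get("state") != "enabled":
        return False
    cas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
    return bool(cas.get("isEnabled")) and cas.get("cloudAppSecurityType") == "mcasConfigured"


def covering_policies(policies, app_id):
    """Names of enforced policies whose app scope includes app_id (or 'All')
    and that route it to session control. Exclusions are ignored here."""
    names = []
    for policy in policies:
        apps = ((policy.get("conditions") or {}).get("applications") or {})
        included = apps.get("includeApplications") or []
        if ("All" in included or app_id in included) and routes_to_session_control(policy):
            names.append(policy["displayName"])
    return names


if __name__ == "__main__":
    for name in covering_policies(SAMPLE_POLICIES["value"], "Office365"):
        print("session control prerequisite met by:", name)
```

With a real export, replace SAMPLE_POLICIES with the parsed response and app_id with the application you intend to protect; an empty result means the session policy configured in the steps above will not be applied.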

A possible in-browser protection configuration

This is an example configuration. In the "Monitor Threat detection" configuration, the "Monitor only" session control type has been selected.

The next step is to select when this policy should take effect. In this configuration, it takes effect if a location outside Germany is detected and the user is a member of the "Azure AD Guest User" group, i.e. a guest user.

Under "Alerts", you can select whether an alert should be created as soon as the policy takes effect. You can also select one or more email addresses to which this alert is sent. Finally, you can select the maximum number of alerts to be sent per day.

Sources:

https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/defender-for-cloud-apps-delivers-new-in-browser-protection/ba-p/4129857

https://learn.microsoft.com/de-de/defender-cloud-apps/
