Unlocking Application Visibility in Defender for Cloud Apps
A quick article on how to give an application administrator restricted visibility to a specific app in Defender for Cloud Apps.
Defender for Cloud Apps provides useful auditing information for connected SaaS applications, and in some cases people outside the security team want access to this data.
Examples I have recently seen were superusers for business applications such as ServiceNow or Salesforce.
They liked the auditing capabilities in Defender for Cloud Apps, but had no access to the security portal.
It’s pretty simple to grant limited access that only allows viewing information related to a specific app.
Here is how you do it:
Open security.microsoft.com → Permissions → Cloud Apps → Add User.
Pick your user, select the role type App/instance admin and target the desired app with Select apps for this admin.
After this, when the user opens the Microsoft 365 Defender portal, they have access only to the Cloud apps section and can only see information related to the selected application, nothing else.
Examples from the Activity log and Files views are shown below; only SharePoint information is visible to the user.
This is of course mentioned in official documentation too, but I’ve found this particular capability to be easy to miss when doing Defender for Cloud Apps deployments.