## What is Microsoft Defender for Cloud Apps?
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) is a cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps. Microsoft Defender for Cloud Apps includes cloud access security broker (CASB) functionality, SaaS Security Posture Management (SSPM), advanced threat protection, and app-to-app protection.
## Why Should You Use the Microsoft Defender for Cloud Apps Connector?
The Microsoft Defender for Cloud Apps connector provides visibility into the users and assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
## How Does This Connector Work?
Meridian executes read-only requests to the Microsoft Defender for Cloud Apps REST API and ingests only metadata about Microsoft Defender for Cloud Apps devices. Meridian does not retrieve any data stored on your assets.
## Configuring the Connector in Meridian
| Field | Description | Example |
|---|---|---|
| Profile Name | Name of this profile for the connector | production servers |
| URL | The URL for the Microsoft Defender for Cloud Apps API, usually in the format `https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com`. To find the tenant ID and tenant region, log in to the Defender portal and navigate to Settings > Cloud Apps > About. | https://f8cdef31-a31e-4b4a-93e4-5f571e91255a.us2.portal.cloudappsecurity.com |
| API Token (legacy) | An API token that provides read access to device data and user data. For details on creating an API token in Microsoft Defender for Cloud Apps, see https://learn.microsoft.com/en-us/defender-cloud-apps/tutorial-flow#phase-1-generate-a-defender-for-cloud-apps-api-token | p7g444S3IZ5wmFvmzWmx14qACXdzQ25b |
| Client ID | To allow the Meridian connector to communicate with Microsoft Defender for Cloud Apps, you must create an application in Microsoft Entra. For details, see https://learn.microsoft.com/en-us/defender-cloud-apps/api-authentication-application#create-an-app-for-defender-for-cloud-apps. In this field, enter the Client ID of the app you created in Entra for the Meridian connector. | |
| Client Secret | To allow the Meridian connector to communicate with Microsoft Defender for Cloud Apps, you must create an application in Microsoft Entra. For details, see https://learn.microsoft.com/en-us/defender-cloud-apps/api-authentication-application#create-an-app-for-defender-for-cloud-apps. In this field, enter the Client Secret of the app you created in Entra for the Meridian connector. | |
| Tenant ID | The unique GUID (Globally Unique Identifier) that identifies your organization's Azure Active Directory (Entra ID) tenant. To find the tenant ID, log in to the Defender portal and navigate to Settings > Cloud Apps > About. | f8cdef31-a31e-4b4a-93e4-5f571e91255a |
## Source Documentation
### Creating an API Token (legacy)
To create an API Token:
### Creating a Client ID and Client Secret (Recommended)
To create an app for Meridian and retrieve the client ID and client secret:
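The following is an added example, not Meridian's own connector code and not a Microsoft SDK, showing how a read-only connector uses the configuration fields from the table above: it validates the portal URL format, builds the client-credentials token request for the Entra app (Client ID, Client Secret, Tenant ID), and pages through the entities list from the API documentation. The Entra token endpoint, the `05a65629-4c1b-48c1-a78b-804c4abdd4af/.default` scope, the `Bearer`/`Token` authorization schemes, and the `skip`/`limit`/`hasNext` paging shape of `/api/v1/entities/` are assumptions, not stated on this page; the `post` callable is injected and backed by constructed sample data so the example runs offline.

```python
# Added example (not Meridian's own code, not a Microsoft SDK): the read-only
# request flow a connector configured with the fields above would perform.
# Everything marked "assumption" is not stated on the documentation page.
import re
from urllib.parse import urlencode

# Assumption: Defender for Cloud Apps' first-party application ID, used as the
# OAuth scope when requesting a client-credentials token from Microsoft Entra.
DEFENDER_CLOUD_APPS_APP_ID = "05a65629-4c1b-48c1-a78b-804c4abdd4af"

# Matches https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com
PORTAL_URL_RE = re.compile(
    r"^https://(?P<tenant_id>[0-9a-fA-F-]{36})\.(?P<region>[a-z0-9]+)"
    r"\.portal\.cloudappsecurity\.com/?$"
)


def parse_portal_url(url: str) -> tuple:
    """Validate the URL field and return (tenant_id, tenant_region)."""
    match = PORTAL_URL_RE.match(url.strip())
    if not match:
        raise ValueError(
            "URL must look like https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com")
    return match.group("tenant_id").lower(), match.group("region")


def build_token_request(tenant_id: str, client_id: str, client_secret: str) -> dict:
    """Client-credentials token request for the Entra app (Client ID / Client Secret).
    Assumption: the v2.0 token endpoint and the '.default' scope convention."""
    return {
        "url": f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "scope": f"{DEFENDER_CLOUD_APPS_APP_ID}/.default",
        }),
    }


def auth_header(credential: str, legacy_token: bool = False) -> dict:
    """Assumption: Entra access tokens are sent as 'Bearer', legacy API tokens as 'Token'."""
    scheme = "Token" if legacy_token else "Bearer"
    return {"Authorization": f"{scheme} {credential}"}


def list_entities(base_url: str, headers: dict, post, page_size: int = 100) -> list:
    """Page through POST /api/v1/entities/ (the entities list in the API documentation).
    `post(url, headers, json_body) -> dict` is injected so the example runs offline.
    Assumption: request body uses skip/limit; response carries data/hasNext."""
    endpoint = f"{base_url.rstrip('/')}/api/v1/entities/"
    entities, skip = [], 0
    while True:
        page = post(endpoint, headers, {"skip": skip, "limit": page_size, "filters": {}})
        entities.extend(page.get("data", []))
        if not page.get("hasNext"):
            return entities
        skip += page_size


# --- Constructed sample data standing in for the Defender for Cloud Apps API ---
FAKE_ENTITIES = [{"_id": f"id-{i}", "displayName": f"user{i}", "type": 2} for i in range(7)]


def fake_post(url: str, headers: dict, body: dict) -> dict:
    """Offline stand-in for the API: serves FAKE_ENTITIES in pages, checks the auth header."""
    assert url.endswith("/api/v1/entities/")
    assert headers["Authorization"].startswith(("Bearer ", "Token "))
    start, end = body["skip"], body["skip"] + body["limit"]
    return {"data": FAKE_ENTITIES[start:end], "hasNext": end < len(FAKE_ENTITIES)}


def demo() -> int:
    """Run the whole flow against the constructed data; returns the entity count."""
    tenant_id, region = parse_portal_url(
        "https://f8cdef31-a31e-4b4a-93e4-5f571e91255a.us2.portal.cloudappsecurity.com")
    req = build_token_request(tenant_id, "<client-id>", "<client-secret>")  # placeholders
    # A real connector would POST req["body"] to req["url"] and take access_token
    # from the JSON reply; here a placeholder stands in for that token.
    headers = auth_header("<access-token-from-entra>")
    entities = list_entities(
        f"https://{tenant_id}.{region}.portal.cloudappsecurity.com",
        headers, fake_post, page_size=3)
    return len(entities)


if __name__ == "__main__":
    print(demo())
```

Swapping `fake_post` for a thin wrapper around an HTTP client gives a working read-only client; keeping the page size small while testing makes the `hasNext` loop observable, and the URL check catches the common mistake of pasting the Defender portal address instead of the tenant-specific API host.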
### Required Permissions
The Microsoft Defender for Cloud Apps token must have read access to Device data and User data. For details on defining permissions, see:
https://learn.microsoft.com/en-us/defender-cloud-apps/api-authentication-application#create-an-app-for-defender-for-cloud-apps
## API Documentation
https://learn.microsoft.com/en-us/defender-cloud-apps/api-entities-list