You have a Microsoft 365 E5 subscription that contains devices onboarded to Microsoft Defender for Endpoint.
You integrate Microsoft Defender for Cloud Apps with Defender for Endpoint.
You need identify which cloud apps and services were used most during the last 30 days.
What should you do?
Should be Snapshot report
I thought it clould be Executive Report, so I asked AI to understand the differences between Snapshot Report and Executive Report: The summary is: The Cloud Discovery Executive Report provides a general and broad view, while the Cloud Discovery Snapshot Report provides focused information.
Cloud Discovery Executive Report Purpose: Provides a high-level overview of cloud app usage, potential risks, and recommended actions. Use Case: Ideal for executive leadership and security teams to get a quick understanding of the cloud app landscape and prioritize security efforts. Cloud Discovery Snapshot Report Purpose: Provides a detailed snapshot of cloud app usage at a specific point in time. Scope: Focuses on a specific time period, such as the last 30 days. Content: Most frequently used apps, User activity and behavior, Data transfer volumes Potential security risks associated with specific apps Use Case: Useful for security analysts and IT teams to identify specific security issues, investigate incidents, and make data-driven decisions.
To identify which cloud apps and services were used most during the last 30 days in Microsoft Defender for Cloud Apps, you should generate a Cloud Discovery snapshot report (Option B). This report provides ad-hoc visibility on a specific set of traffic logs that you manually upload from your network. It allows you to analyze your organization's cloud app usage against Microsoft's catalog of cloud apps, which can give insights into usage patterns and potential security risks https://learn.microsoft.com/en-us/defender-cloud-apps/create-snapshot-cloud-discovery-reports
Disagree. I think B is the correct answer. Here is what is contained in the monthly Endpoint report: Microsoft Secure Score Secure score compared to other organizations Devices onboarded Protection against threats Web content monitoring and filtering Suspicious or malicious activities
Executive report: The Cloud discovery page provides a dashboard designed to >>give you more insight<< (=identify) into how cloud apps are being used in your organization. The dashboard provides an at-a-glance view of the types of apps being used, your open alerts, and the risk levels of apps in your organization. https://learn.microsoft.com/en-us/defender-cloud-apps/discovered-apps Snapshot reports: https://learn.microsoft.com/en-us/defender-cloud-apps/create-snapshot-cloud-discovery-reports To create a snapshot report: 1. Collect log files from your firewall and proxy, through which users in your organization access the Internet. Make sure to gather logs during times of peak traffic that are representative of all user activity in your organization. Can't be used for last 30 days, 30 days is not a "snapshot" Answer is D.
ChatGPT o1: Answer: B. Generate a Cloud Discovery snapshot report Explanation: When you integrate Microsoft Defender for Cloud Apps (formerly MCAS) with Defender for Endpoint, you can use Cloud Discovery to see which cloud apps and services are being used on your network. A Cloud Discovery snapshot report pulls usage data over a specified period (for example, the last 30 days) to show which apps are used most and how frequently they’re accessed. A. Monthly security summary report – This is a high‐level Microsoft 365 Defender report and doesn’t provide details on specific app usage in the last 30 days. C. Threat analytics alert notification – This focuses on alerting and threat analytics rather than a list of frequently used cloud apps. D. Cloud Discovery executive report – An executive report provides broader, high‐level findings and risk assessments but is less targeted than a Cloud Discovery snapshot report for identifying the top apps and services.