Deployment Guides
Step-by-step deployment for the full Microsoft 365 security stack
Pillar guide · Cloud Apps Security
SaaS Security
Deployment Best Practices
Overview
Cloud discovery analyzes traffic logs collected by Defender for Endpoint, firewalls, and secure web gateways, and assesses the identified apps against the cloud app catalog to provide compliance and security information. By configuring cloud discovery, you gain visibility into cloud use and Shadow IT, along with continuous monitoring of unsanctioned apps. The guide covers Shadow IT discovery, app governance and access control, cross-SaaS data protection, threat detection, and ongoing operations.
Audience: IT administrators in SMBs with fewer than 300 employees, and managed service providers deploying security baselines.
References & Microsoft Learn
Product overview
Release notes and updates
Shadow IT discovery via MDE
Cloud discovery setup and snapshot reports
Automatic log collection
App discovery policy creation
Anomaly detection configuration
App governance enablement
OAuth app management and sanctioning
Default anomalous behavior detection policies
Custom OAuth app policy creation
App connectors including M365
SSPM enablement
DLP and file policies
Threat detection policy templates
SOC operations cadence
Daily security review tasks
Weekly posture and health checks
Monthly policy and activity reviews
User enrichment for discovery data
Ports and IP addresses to allowlist
SIEM integration for advanced monitoring
Community resources