Microsoft 365 Security Lab: Cloud Discovery

Hands-On Microsoft 365 Security & Compliance Tasks

📖 Overview

This lab provides hands-on experience with Microsoft Defender for Cloud Apps (MDCA) to discover Shadow IT and assess cloud app risk. Walkthroughs simulate real-world Microsoft 365 security engineering tasks and focus on uploading network logs, creating snapshot reports, reviewing apps, and applying governance policies.

📚 What This Covers

📤 Uploading Network Traffic Logs

Ingest firewall or proxy logs into Microsoft Defender for Cloud Apps for discovery analysis.

📑 Cloud Discovery Snapshot Reports

Create snapshot reports to analyze cloud usage patterns and uncover shadow IT.

🔎 Reviewing Cloud Apps & Risk Scores

Evaluate discovered applications, review risk scores, and assess compliance posture.

✅ App Sanctioning & Governance Policies

Sanction or unsanction apps and apply governance policies to enforce safe cloud usage.

Lab Walkthroughs

Cloud Discovery Snapshot

Upload W3C firewall logs, create a snapshot report, analyze discovered apps, and review risk scores.

Shadow IT Analysis

Identify unsanctioned apps, prioritize risk based on scores, and evaluate governance actions.

App Governance Policies

Plan actions to sanction/unsanction apps, configure monitoring, and integrate with compliance workflows.

🛠 Tools Used

Microsoft Defender for Cloud Apps
Microsoft 365 Lab Tenant
Sample Firewall Log (Generic W3C)

🔗 Related Labs

Okta IAM Lab – Cloud IAM, SSO, MFA policies, and lifecycle automation
Microsoft Entra ID – Cloud IAM, Conditional Access, MFA, and PowerShell automation
Active Directory (On-Prem) – OU design, delegation, PowerShell automation, and AD management

💡 Next Steps