Microsoft Defender for Cloud apps now protects cloud apps directly in Edge for Business

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Microsoft Defender for Cloud Apps now protects cloud apps directly within Edge for Business.
  • This eliminates the need for proxies, potentially improving security and performance.
  • Admins can set granular session policies to restrict actions and protect sensitive data.

Microsoft is expanding the reach of its Defender for Cloud Apps service to include browser-based cloud apps accessed through the Edge for Business browser. This integration has improved security and simplified the process for businesses.

Previously, Defender for Cloud Apps relied on proxies to monitor and protect cloud app usage. With the new update, the service now uses built-in controls within Edge for Business, which removes the need for proxies and hence can enhance performance.

This browser-based protection allows administrators to implement granular session policies. These policies can restrict app access based on user risk (e.g., logging in from an unmanaged device) and limit actions like downloads, uploads, copying, cutting, and printing during a session.

For example, if a user attempts to download a file containing sensitive information from a SharePoint site using Edge for Business, Defender for Cloud Apps can automatically block the download based on pre-defined policies, as explained here. Importantly, these restrictions are implemented transparently so that user productivity remains unaffected.

Session policies can be configured within the Microsoft Defender portal. Security admins can follow these steps to create a new session policy:

  1. After you have created a conditional access policy that applies Defender for Cloud Apps session control, navigate to Cloud Apps -> Policies -> Policy management in the Microsoft Defender portal. Then select the Conditional access tab.
  2. Click on Create policy and select Session policy.
  3. In the Session policy window, assign a name for your policy, such as Block Download of Sensitive Documents in Box for Marketing Users.
  4. Under the Session control type field, choose from the following options:
    • Select Monitor only if you only want to monitor activities by users. This selection creates a Monitor only policy for the apps you selected were all sign-ins.
    • Select Control file download (with inspection) if you want to monitor user activities. You can take more actions like block or protect downloads for users.
    • Select Block activities to block specific activities, which you can select using the Activity type filter.

Currently, only Edge for Business offers integration with Defender for Cloud Apps. Microsoft has not announced plans to extend support to other browsers like Google Chrome.

More here.

User forum

0 messages